Jul 14 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17447]: pam_unix(cron:session): session closed for user root
Jul 14 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23131]: Failed password for root from 41.223.40.78 port 38448 ssh2
Jul 14 06:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23131]: Received disconnect from 41.223.40.78 port 38448:11: Bye Bye [preauth]
Jul 14 06:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23131]: Disconnected from 41.223.40.78 port 38448 [preauth]
Jul 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23158]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23155]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23237]: Successful su for rubyman by root
Jul 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23237]: + ??? root:rubyman
Jul 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782742 of user rubyman.
Jul 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23237]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782742.
Jul 14 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19805]: pam_unix(cron:session): session closed for user root
Jul 14 06:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23156]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21575]: pam_unix(cron:session): session closed for user root
Jul 14 06:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Failed password for root from 27.254.149.199 port 58310 ssh2
Jul 14 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Received disconnect from 27.254.149.199 port 58310:11: Bye Bye [preauth]
Jul 14 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Disconnected from 27.254.149.199 port 58310 [preauth]
Jul 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23682]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23744]: Successful su for rubyman by root
Jul 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23744]: + ??? root:rubyman
Jul 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782745 of user rubyman.
Jul 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23744]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782745.
Jul 14 06:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: Did not receive identification string from 193.32.162.141
Jul 14 06:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20260]: pam_unix(cron:session): session closed for user root
Jul 14 06:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23683]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: Failed password for root from 41.223.40.78 port 35100 ssh2
Jul 14 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: Received disconnect from 41.223.40.78 port 35100:11: Bye Bye [preauth]
Jul 14 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: Disconnected from 41.223.40.78 port 35100 [preauth]
Jul 14 06:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22354]: pam_unix(cron:session): session closed for user root
Jul 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24303]: Successful su for rubyman by root
Jul 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24303]: + ??? root:rubyman
Jul 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782750 of user rubyman.
Jul 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24303]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782750.
Jul 14 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20693]: pam_unix(cron:session): session closed for user root
Jul 14 06:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24227]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: Failed password for root from 27.254.149.199 port 57410 ssh2
Jul 14 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: Received disconnect from 27.254.149.199 port 57410:11: Bye Bye [preauth]
Jul 14 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: Disconnected from 27.254.149.199 port 57410 [preauth]
Jul 14 06:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Failed password for root from 41.223.40.78 port 48168 ssh2
Jul 14 06:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Received disconnect from 41.223.40.78 port 48168:11: Bye Bye [preauth]
Jul 14 06:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Disconnected from 41.223.40.78 port 48168 [preauth]
Jul 14 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23158]: pam_unix(cron:session): session closed for user root
Jul 14 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24699]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24836]: Successful su for rubyman by root
Jul 14 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24836]: + ??? root:rubyman
Jul 14 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782753 of user rubyman.
Jul 14 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24836]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782753.
Jul 14 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24696]: pam_unix(cron:session): session closed for user root
Jul 14 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21121]: pam_unix(cron:session): session closed for user root
Jul 14 06:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24702]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Failed password for root from 27.254.149.199 port 56510 ssh2
Jul 14 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Received disconnect from 27.254.149.199 port 56510:11: Bye Bye [preauth]
Jul 14 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Disconnected from 27.254.149.199 port 56510 [preauth]
Jul 14 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23687]: pam_unix(cron:session): session closed for user root
Jul 14 06:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Jul 14 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25159]: Failed password for root from 190.103.202.7 port 54058 ssh2
Jul 14 06:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25159]: Connection closed by 190.103.202.7 port 54058 [preauth]
Jul 14 06:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Failed password for root from 41.223.40.78 port 59366 ssh2
Jul 14 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Received disconnect from 41.223.40.78 port 59366:11: Bye Bye [preauth]
Jul 14 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Disconnected from 41.223.40.78 port 59366 [preauth]
Jul 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25219]: pam_unix(cron:session): session closed for user root
Jul 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25212]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25300]: Successful su for rubyman by root
Jul 14 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25300]: + ??? root:rubyman
Jul 14 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782763 of user rubyman.
Jul 14 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25300]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782763.
Jul 14 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25215]: pam_unix(cron:session): session closed for user root
Jul 14 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21574]: pam_unix(cron:session): session closed for user root
Jul 14 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25214]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24229]: pam_unix(cron:session): session closed for user root
Jul 14 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25702]: Failed password for root from 27.254.149.199 port 55608 ssh2
Jul 14 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25702]: Received disconnect from 27.254.149.199 port 55608:11: Bye Bye [preauth]
Jul 14 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25702]: Disconnected from 27.254.149.199 port 55608 [preauth]
Jul 14 06:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25715]: Failed password for root from 41.223.40.78 port 51696 ssh2
Jul 14 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25715]: Received disconnect from 41.223.40.78 port 51696:11: Bye Bye [preauth]
Jul 14 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25715]: Disconnected from 41.223.40.78 port 51696 [preauth]
Jul 14 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25728]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25726]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25821]: Successful su for rubyman by root
Jul 14 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25821]: + ??? root:rubyman
Jul 14 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782764 of user rubyman.
Jul 14 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25821]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782764.
Jul 14 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session closed for user root
Jul 14 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25727]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24705]: pam_unix(cron:session): session closed for user root
Jul 14 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26200]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26263]: Successful su for rubyman by root
Jul 14 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26263]: + ??? root:rubyman
Jul 14 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782769 of user rubyman.
Jul 14 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26263]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782769.
Jul 14 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23157]: pam_unix(cron:session): session closed for user root
Jul 14 06:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26201]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: Failed password for root from 27.254.149.199 port 54708 ssh2
Jul 14 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: Received disconnect from 27.254.149.199 port 54708:11: Bye Bye [preauth]
Jul 14 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: Disconnected from 27.254.149.199 port 54708 [preauth]
Jul 14 06:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Failed password for root from 41.223.40.78 port 60268 ssh2
Jul 14 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Received disconnect from 41.223.40.78 port 60268:11: Bye Bye [preauth]
Jul 14 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Disconnected from 41.223.40.78 port 60268 [preauth]
Jul 14 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session closed for user root
Jul 14 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26723]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26803]: Successful su for rubyman by root
Jul 14 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26803]: + ??? root:rubyman
Jul 14 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782774 of user rubyman.
Jul 14 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26803]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782774.
Jul 14 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23684]: pam_unix(cron:session): session closed for user root
Jul 14 06:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26724]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: Failed password for root from 195.178.110.160 port 53748 ssh2
Jul 14 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: Connection closed by 195.178.110.160 port 53748 [preauth]
Jul 14 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: Failed password for root from 195.178.110.160 port 53756 ssh2
Jul 14 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: Connection closed by 195.178.110.160 port 53756 [preauth]
Jul 14 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 06:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27142]: Failed password for root from 195.178.110.160 port 35052 ssh2
Jul 14 06:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27142]: Connection closed by 195.178.110.160 port 35052 [preauth]
Jul 14 06:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Failed password for root from 195.178.110.160 port 35060 ssh2
Jul 14 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Connection closed by 195.178.110.160 port 35060 [preauth]
Jul 14 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 06:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: Failed password for root from 195.178.110.160 port 35072 ssh2
Jul 14 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: Connection closed by 195.178.110.160 port 35072 [preauth]
Jul 14 06:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: Failed password for root from 27.254.149.199 port 53810 ssh2
Jul 14 06:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27187]: Failed password for root from 41.223.40.78 port 34214 ssh2
Jul 14 06:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: Received disconnect from 27.254.149.199 port 53810:11: Bye Bye [preauth]
Jul 14 06:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: Disconnected from 27.254.149.199 port 53810 [preauth]
Jul 14 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27187]: Received disconnect from 41.223.40.78 port 34214:11: Bye Bye [preauth]
Jul 14 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27187]: Disconnected from 41.223.40.78 port 34214 [preauth]
Jul 14 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25729]: pam_unix(cron:session): session closed for user root
Jul 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27296]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27424]: Successful su for rubyman by root
Jul 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27424]: + ??? root:rubyman
Jul 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782776 of user rubyman.
Jul 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27424]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782776.
Jul 14 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24228]: pam_unix(cron:session): session closed for user root
Jul 14 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27298]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26204]: pam_unix(cron:session): session closed for user root
Jul 14 06:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: Failed password for root from 41.223.40.78 port 40888 ssh2
Jul 14 06:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: Received disconnect from 41.223.40.78 port 40888:11: Bye Bye [preauth]
Jul 14 06:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: Disconnected from 41.223.40.78 port 40888 [preauth]
Jul 14 06:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: Failed password for root from 27.254.149.199 port 52908 ssh2
Jul 14 06:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: Received disconnect from 27.254.149.199 port 52908:11: Bye Bye [preauth]
Jul 14 06:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: Disconnected from 27.254.149.199 port 52908 [preauth]
Jul 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27864]: pam_unix(cron:session): session closed for user root
Jul 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27848]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27933]: Successful su for rubyman by root
Jul 14 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27933]: + ??? root:rubyman
Jul 14 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782780 of user rubyman.
Jul 14 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27933]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782780.
Jul 14 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27860]: pam_unix(cron:session): session closed for user root
Jul 14 06:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24703]: pam_unix(cron:session): session closed for user root
Jul 14 06:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27850]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26726]: pam_unix(cron:session): session closed for user root
Jul 14 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28312]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28402]: Successful su for rubyman by root
Jul 14 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28402]: + ??? root:rubyman
Jul 14 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782787 of user rubyman.
Jul 14 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28402]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782787.
Jul 14 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28308]: Failed password for root from 41.223.40.78 port 36972 ssh2
Jul 14 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28308]: Received disconnect from 41.223.40.78 port 36972:11: Bye Bye [preauth]
Jul 14 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28308]: Disconnected from 41.223.40.78 port 36972 [preauth]
Jul 14 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25216]: pam_unix(cron:session): session closed for user root
Jul 14 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28313]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28601]: Failed password for root from 27.254.149.199 port 52006 ssh2
Jul 14 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28601]: Received disconnect from 27.254.149.199 port 52006:11: Bye Bye [preauth]
Jul 14 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28601]: Disconnected from 27.254.149.199 port 52006 [preauth]
Jul 14 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27301]: pam_unix(cron:session): session closed for user root
Jul 14 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28757]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28825]: Successful su for rubyman by root
Jul 14 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28825]: + ??? root:rubyman
Jul 14 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782790 of user rubyman.
Jul 14 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28825]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782790.
Jul 14 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25728]: pam_unix(cron:session): session closed for user root
Jul 14 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28758]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Failed password for root from 41.223.40.78 port 38014 ssh2
Jul 14 06:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Received disconnect from 41.223.40.78 port 38014:11: Bye Bye [preauth]
Jul 14 06:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Disconnected from 41.223.40.78 port 38014 [preauth]
Jul 14 06:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27863]: pam_unix(cron:session): session closed for user root
Jul 14 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: Failed password for root from 27.254.149.199 port 51114 ssh2
Jul 14 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: Received disconnect from 27.254.149.199 port 51114:11: Bye Bye [preauth]
Jul 14 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: Disconnected from 27.254.149.199 port 51114 [preauth]
Jul 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29298]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29295]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29361]: Successful su for rubyman by root
Jul 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29361]: + ??? root:rubyman
Jul 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782795 of user rubyman.
Jul 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29361]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782795.
Jul 14 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26202]: pam_unix(cron:session): session closed for user root
Jul 14 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29296]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28315]: pam_unix(cron:session): session closed for user root
Jul 14 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: Failed password for root from 41.223.40.78 port 56184 ssh2
Jul 14 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: Received disconnect from 41.223.40.78 port 56184:11: Bye Bye [preauth]
Jul 14 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: Disconnected from 41.223.40.78 port 56184 [preauth]
Jul 14 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Failed password for root from 27.254.149.199 port 50216 ssh2
Jul 14 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Received disconnect from 27.254.149.199 port 50216:11: Bye Bye [preauth]
Jul 14 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Disconnected from 27.254.149.199 port 50216 [preauth]
Jul 14 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29735]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29800]: Successful su for rubyman by root
Jul 14 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29800]: + ??? root:rubyman
Jul 14 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782798 of user rubyman.
Jul 14 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29800]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782798.
Jul 14 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26725]: pam_unix(cron:session): session closed for user root
Jul 14 06:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29740]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28761]: pam_unix(cron:session): session closed for user root
Jul 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30164]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30164]: pam_unix(cron:session): session closed for user root
Jul 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30158]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30226]: Successful su for rubyman by root
Jul 14 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30226]: + ??? root:rubyman
Jul 14 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782806 of user rubyman.
Jul 14 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30226]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782806.
Jul 14 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30160]: pam_unix(cron:session): session closed for user root
Jul 14 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27299]: pam_unix(cron:session): session closed for user root
Jul 14 06:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30381]: Failed password for root from 41.223.40.78 port 51644 ssh2
Jul 14 06:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30381]: Received disconnect from 41.223.40.78 port 51644:11: Bye Bye [preauth]
Jul 14 06:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30381]: Disconnected from 41.223.40.78 port 51644 [preauth]
Jul 14 06:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30159]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: Failed password for root from 27.254.149.199 port 49320 ssh2
Jul 14 06:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: Received disconnect from 27.254.149.199 port 49320:11: Bye Bye [preauth]
Jul 14 06:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: Disconnected from 27.254.149.199 port 49320 [preauth]
Jul 14 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29298]: pam_unix(cron:session): session closed for user root
Jul 14 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30607]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30677]: Successful su for rubyman by root
Jul 14 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30677]: + ??? root:rubyman
Jul 14 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782809 of user rubyman.
Jul 14 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30677]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782809.
Jul 14 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27862]: pam_unix(cron:session): session closed for user root
Jul 14 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30608]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: Failed password for root from 41.223.40.78 port 48586 ssh2
Jul 14 06:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: Received disconnect from 41.223.40.78 port 48586:11: Bye Bye [preauth]
Jul 14 06:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: Disconnected from 41.223.40.78 port 48586 [preauth]
Jul 14 06:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29743]: pam_unix(cron:session): session closed for user root
Jul 14 06:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31105]: Failed password for root from 27.254.149.199 port 48426 ssh2
Jul 14 06:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31105]: Received disconnect from 27.254.149.199 port 48426:11: Bye Bye [preauth]
Jul 14 06:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31105]: Disconnected from 27.254.149.199 port 48426 [preauth]
Jul 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31135]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31201]: Successful su for rubyman by root
Jul 14 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31201]: + ??? root:rubyman
Jul 14 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782813 of user rubyman.
Jul 14 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31201]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782813.
Jul 14 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28314]: pam_unix(cron:session): session closed for user root
Jul 14 06:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31136]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Jul 14 06:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31429]: Failed password for root from 164.68.105.9 port 44324 ssh2
Jul 14 06:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31429]: Connection closed by 164.68.105.9 port 44324 [preauth]
Jul 14 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: Did not receive identification string from 193.32.162.141
Jul 14 06:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30163]: pam_unix(cron:session): session closed for user root
Jul 14 06:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Failed password for root from 41.223.40.78 port 39752 ssh2
Jul 14 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Received disconnect from 41.223.40.78 port 39752:11: Bye Bye [preauth]
Jul 14 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Disconnected from 41.223.40.78 port 39752 [preauth]
Jul 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31559]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31633]: Successful su for rubyman by root
Jul 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31633]: + ??? root:rubyman
Jul 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782816 of user rubyman.
Jul 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31633]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782816.
Jul 14 06:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28760]: pam_unix(cron:session): session closed for user root
Jul 14 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Failed password for root from 27.254.149.199 port 47524 ssh2
Jul 14 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Received disconnect from 27.254.149.199 port 47524:11: Bye Bye [preauth]
Jul 14 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Disconnected from 27.254.149.199 port 47524 [preauth]
Jul 14 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31560]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30610]: pam_unix(cron:session): session closed for user root
Jul 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32310]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32398]: Successful su for rubyman by root
Jul 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32398]: + ??? root:rubyman
Jul 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782821 of user rubyman.
Jul 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32398]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782821.
Jul 14 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29297]: pam_unix(cron:session): session closed for user root
Jul 14 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: Failed password for root from 41.223.40.78 port 53406 ssh2
Jul 14 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: Received disconnect from 41.223.40.78 port 53406:11: Bye Bye [preauth]
Jul 14 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: Disconnected from 41.223.40.78 port 53406 [preauth]
Jul 14 06:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32311]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Failed password for root from 27.254.149.199 port 46624 ssh2
Jul 14 06:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Received disconnect from 27.254.149.199 port 46624:11: Bye Bye [preauth]
Jul 14 06:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Disconnected from 27.254.149.199 port 46624 [preauth]
Jul 14 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31138]: pam_unix(cron:session): session closed for user root
Jul 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[448]: pam_unix(cron:session): session closed for user root
Jul 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[438]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[543]: Successful su for rubyman by root
Jul 14 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[543]: + ??? root:rubyman
Jul 14 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782824 of user rubyman.
Jul 14 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[543]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782824.
Jul 14 06:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29742]: pam_unix(cron:session): session closed for user root
Jul 14 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[443]: pam_unix(cron:session): session closed for user root
Jul 14 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[442]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Failed password for root from 41.223.40.78 port 40258 ssh2
Jul 14 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Received disconnect from 41.223.40.78 port 40258:11: Bye Bye [preauth]
Jul 14 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Disconnected from 41.223.40.78 port 40258 [preauth]
Jul 14 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31562]: pam_unix(cron:session): session closed for user root
Jul 14 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: Failed password for root from 27.254.149.199 port 45726 ssh2
Jul 14 06:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: Received disconnect from 27.254.149.199 port 45726:11: Bye Bye [preauth]
Jul 14 06:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: Disconnected from 27.254.149.199 port 45726 [preauth]
Jul 14 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1002]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1096]: Successful su for rubyman by root
Jul 14 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1096]: + ??? root:rubyman
Jul 14 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782831 of user rubyman.
Jul 14 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1096]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782831.
Jul 14 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30161]: pam_unix(cron:session): session closed for user root
Jul 14 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1004]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32313]: pam_unix(cron:session): session closed for user root
Jul 14 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: Failed password for root from 41.223.40.78 port 33788 ssh2
Jul 14 06:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: Received disconnect from 41.223.40.78 port 33788:11: Bye Bye [preauth]
Jul 14 06:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: Disconnected from 41.223.40.78 port 33788 [preauth]
Jul 14 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1520]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1602]: Successful su for rubyman by root
Jul 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1602]: + ??? root:rubyman
Jul 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782835 of user rubyman.
Jul 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1602]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782835.
Jul 14 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30609]: pam_unix(cron:session): session closed for user root
Jul 14 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: Failed password for root from 27.254.149.199 port 44824 ssh2
Jul 14 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: Received disconnect from 27.254.149.199 port 44824:11: Bye Bye [preauth]
Jul 14 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: Disconnected from 27.254.149.199 port 44824 [preauth]
Jul 14 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[445]: pam_unix(cron:session): session closed for user root
Jul 14 06:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2080]: Failed password for root from 41.223.40.78 port 40924 ssh2
Jul 14 06:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2080]: Received disconnect from 41.223.40.78 port 40924:11: Bye Bye [preauth]
Jul 14 06:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2080]: Disconnected from 41.223.40.78 port 40924 [preauth]
Jul 14 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2091]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2158]: Successful su for rubyman by root
Jul 14 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2158]: + ??? root:rubyman
Jul 14 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782839 of user rubyman.
Jul 14 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2158]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782839.
Jul 14 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31137]: pam_unix(cron:session): session closed for user root
Jul 14 06:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2092]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: Failed password for root from 27.254.149.199 port 43922 ssh2
Jul 14 06:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: Received disconnect from 27.254.149.199 port 43922:11: Bye Bye [preauth]
Jul 14 06:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: Disconnected from 27.254.149.199 port 43922 [preauth]
Jul 14 06:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1006]: pam_unix(cron:session): session closed for user root
Jul 14 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2532]: pam_unix(cron:session): session closed for user p13x
Jul 14 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2606]: Successful su for rubyman by root
Jul 14 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2606]: + ??? root:rubyman
Jul 14 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782843 of user rubyman.
Jul 14 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2606]: pam_unix(su:session): session closed for user rubyman
Jul 14 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782843.
Jul 14 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31561]: pam_unix(cron:session): session closed for user root
Jul 14 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2533]: pam_unix(cron:session): session closed for user samftp
Jul 14 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: Failed password for root from 41.223.40.78 port 51604 ssh2
Jul 14 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: Received disconnect from 41.223.40.78 port 51604:11: Bye Bye [preauth]
Jul 14 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: Disconnected from 41.223.40.78 port 51604 [preauth]
Jul 14 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1521]: pam_unix(cron:session): session closed for user root
Jul 14 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: Failed password for root from 27.254.149.199 port 43020 ssh2
Jul 14 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: Received disconnect from 27.254.149.199 port 43020:11: Bye Bye [preauth]
Jul 14 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: Disconnected from 27.254.149.199 port 43020 [preauth]
Jul 14 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: Invalid user ubuntu from 193.32.162.141
Jul 14 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: input_userauth_request: invalid user ubuntu [preauth]
Jul 14 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: Failed password for invalid user ubuntu from 193.32.162.141 port 45750 ssh2
Jul 14 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: Connection closed by 193.32.162.141 port 45750 [preauth]
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2996]: pam_unix(cron:session): session closed for user root
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2992]: pam_unix(cron:session): session closed for user root
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3095]: Successful su for rubyman by root
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3095]: + ??? root:rubyman
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782849 of user rubyman.
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3095]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782849.
Jul 14 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2993]: pam_unix(cron:session): session closed for user root
Jul 14 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32312]: pam_unix(cron:session): session closed for user root
Jul 14 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3418]: Failed password for root from 41.223.40.78 port 37460 ssh2
Jul 14 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2094]: pam_unix(cron:session): session closed for user root
Jul 14 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3418]: Received disconnect from 41.223.40.78 port 37460:11: Bye Bye [preauth]
Jul 14 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3418]: Disconnected from 41.223.40.78 port 37460 [preauth]
Jul 14 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3548]: Failed password for root from 27.254.149.199 port 42120 ssh2
Jul 14 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3548]: Received disconnect from 27.254.149.199 port 42120:11: Bye Bye [preauth]
Jul 14 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3548]: Disconnected from 27.254.149.199 port 42120 [preauth]
Jul 14 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3561]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3661]: Successful su for rubyman by root
Jul 14 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3661]: + ??? root:rubyman
Jul 14 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782853 of user rubyman.
Jul 14 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3661]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782853.
Jul 14 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[444]: pam_unix(cron:session): session closed for user root
Jul 14 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3591]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2535]: pam_unix(cron:session): session closed for user root
Jul 14 07:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Failed password for root from 41.223.40.78 port 36928 ssh2
Jul 14 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Received disconnect from 41.223.40.78 port 36928:11: Bye Bye [preauth]
Jul 14 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Disconnected from 41.223.40.78 port 36928 [preauth]
Jul 14 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4061]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4124]: Successful su for rubyman by root
Jul 14 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4124]: + ??? root:rubyman
Jul 14 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782857 of user rubyman.
Jul 14 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4124]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782857.
Jul 14 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1005]: pam_unix(cron:session): session closed for user root
Jul 14 07:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4062]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4618]: Failed password for root from 27.254.149.199 port 41222 ssh2
Jul 14 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4618]: Received disconnect from 27.254.149.199 port 41222:11: Bye Bye [preauth]
Jul 14 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4618]: Disconnected from 27.254.149.199 port 41222 [preauth]
Jul 14 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2995]: pam_unix(cron:session): session closed for user root
Jul 14 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4740]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4813]: Successful su for rubyman by root
Jul 14 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4813]: + ??? root:rubyman
Jul 14 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782862 of user rubyman.
Jul 14 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4813]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782862.
Jul 14 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1520]: pam_unix(cron:session): session closed for user root
Jul 14 07:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4741]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 07:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: Failed password for root from 41.223.40.78 port 52498 ssh2
Jul 14 07:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: Received disconnect from 41.223.40.78 port 52498:11: Bye Bye [preauth]
Jul 14 07:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: Disconnected from 41.223.40.78 port 52498 [preauth]
Jul 14 07:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3594]: pam_unix(cron:session): session closed for user root
Jul 14 07:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: Failed password for root from 27.254.149.199 port 40326 ssh2
Jul 14 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: Received disconnect from 27.254.149.199 port 40326:11: Bye Bye [preauth]
Jul 14 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: Disconnected from 27.254.149.199 port 40326 [preauth]
Jul 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5404]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: Successful su for rubyman by root
Jul 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: + ??? root:rubyman
Jul 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782865 of user rubyman.
Jul 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782865.
Jul 14 07:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2093]: pam_unix(cron:session): session closed for user root
Jul 14 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5405]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4064]: pam_unix(cron:session): session closed for user root
Jul 14 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Failed password for root from 41.223.40.78 port 56650 ssh2
Jul 14 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Received disconnect from 41.223.40.78 port 56650:11: Bye Bye [preauth]
Jul 14 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Disconnected from 41.223.40.78 port 56650 [preauth]
Jul 14 07:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5988]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5986]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session closed for user root
Jul 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5985]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6071]: Successful su for rubyman by root
Jul 14 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6071]: + ??? root:rubyman
Jul 14 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782871 of user rubyman.
Jul 14 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6071]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782871.
Jul 14 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Failed password for root from 27.254.149.199 port 39424 ssh2
Jul 14 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Received disconnect from 27.254.149.199 port 39424:11: Bye Bye [preauth]
Jul 14 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Disconnected from 27.254.149.199 port 39424 [preauth]
Jul 14 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2534]: pam_unix(cron:session): session closed for user root
Jul 14 07:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session closed for user root
Jul 14 07:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5986]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4743]: pam_unix(cron:session): session closed for user root
Jul 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6472]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6538]: Successful su for rubyman by root
Jul 14 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6538]: + ??? root:rubyman
Jul 14 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782876 of user rubyman.
Jul 14 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6538]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782876.
Jul 14 07:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2994]: pam_unix(cron:session): session closed for user root
Jul 14 07:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: Failed password for root from 41.223.40.78 port 48736 ssh2
Jul 14 07:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: Received disconnect from 41.223.40.78 port 48736:11: Bye Bye [preauth]
Jul 14 07:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: Disconnected from 41.223.40.78 port 48736 [preauth]
Jul 14 07:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6473]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 07:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Failed password for root from 27.254.149.199 port 38528 ssh2
Jul 14 07:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Received disconnect from 27.254.149.199 port 38528:11: Bye Bye [preauth]
Jul 14 07:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Disconnected from 27.254.149.199 port 38528 [preauth]
Jul 14 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5407]: pam_unix(cron:session): session closed for user root
Jul 14 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6992]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7074]: Successful su for rubyman by root
Jul 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7074]: + ??? root:rubyman
Jul 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782879 of user rubyman.
Jul 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7074]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782879.
Jul 14 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3593]: pam_unix(cron:session): session closed for user root
Jul 14 07:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6993]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Invalid user sol from 193.32.162.141
Jul 14 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: input_userauth_request: invalid user sol [preauth]
Jul 14 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 07:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Failed password for invalid user sol from 193.32.162.141 port 34948 ssh2
Jul 14 07:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Connection closed by 193.32.162.141 port 34948 [preauth]
Jul 14 07:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.40.78  user=root
Jul 14 07:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7358]: Failed password for root from 41.223.40.78 port 59930 ssh2
Jul 14 07:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7358]: Received disconnect from 41.223.40.78 port 59930:11: Bye Bye [preauth]
Jul 14 07:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7358]: Disconnected from 41.223.40.78 port 59930 [preauth]
Jul 14 07:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session closed for user root
Jul 14 07:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199  user=root
Jul 14 07:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Failed password for root from 27.254.149.199 port 37630 ssh2
Jul 14 07:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Received disconnect from 27.254.149.199 port 37630:11: Bye Bye [preauth]
Jul 14 07:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Disconnected from 27.254.149.199 port 37630 [preauth]
Jul 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7450]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7613]: Successful su for rubyman by root
Jul 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7613]: + ??? root:rubyman
Jul 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782883 of user rubyman.
Jul 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7613]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782883.
Jul 14 07:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4063]: pam_unix(cron:session): session closed for user root
Jul 14 07:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7451]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6475]: pam_unix(cron:session): session closed for user root
Jul 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8261]: Successful su for rubyman by root
Jul 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8261]: + ??? root:rubyman
Jul 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782889 of user rubyman.
Jul 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8261]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782889.
Jul 14 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session closed for user root
Jul 14 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4742]: pam_unix(cron:session): session closed for user root
Jul 14 07:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8005]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6996]: pam_unix(cron:session): session closed for user root
Jul 14 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8689]: pam_unix(cron:session): session closed for user root
Jul 14 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8684]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8770]: Successful su for rubyman by root
Jul 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8770]: + ??? root:rubyman
Jul 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782895 of user rubyman.
Jul 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8770]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782895.
Jul 14 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session closed for user root
Jul 14 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5406]: pam_unix(cron:session): session closed for user root
Jul 14 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8685]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7454]: pam_unix(cron:session): session closed for user root
Jul 14 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9247]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9353]: Successful su for rubyman by root
Jul 14 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9353]: + ??? root:rubyman
Jul 14 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782898 of user rubyman.
Jul 14 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9353]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782898.
Jul 14 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5988]: pam_unix(cron:session): session closed for user root
Jul 14 07:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9248]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8007]: pam_unix(cron:session): session closed for user root
Jul 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9704]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9701]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9771]: Successful su for rubyman by root
Jul 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9771]: + ??? root:rubyman
Jul 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782902 of user rubyman.
Jul 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9771]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782902.
Jul 14 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6474]: pam_unix(cron:session): session closed for user root
Jul 14 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9703]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8688]: pam_unix(cron:session): session closed for user root
Jul 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10183]: Successful su for rubyman by root
Jul 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10183]: + ??? root:rubyman
Jul 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782907 of user rubyman.
Jul 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10183]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782907.
Jul 14 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6995]: pam_unix(cron:session): session closed for user root
Jul 14 07:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10121]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9250]: pam_unix(cron:session): session closed for user root
Jul 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10670]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10766]: Successful su for rubyman by root
Jul 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10766]: + ??? root:rubyman
Jul 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782911 of user rubyman.
Jul 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10766]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782911.
Jul 14 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session closed for user root
Jul 14 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10671]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9705]: pam_unix(cron:session): session closed for user root
Jul 14 07:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Invalid user solana from 193.32.162.141
Jul 14 07:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: input_userauth_request: invalid user solana [preauth]
Jul 14 07:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Failed password for invalid user solana from 193.32.162.141 port 52290 ssh2
Jul 14 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Connection closed by 193.32.162.141 port 52290 [preauth]
Jul 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session closed for user root
Jul 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11099]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11176]: Successful su for rubyman by root
Jul 14 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11176]: + ??? root:rubyman
Jul 14 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782915 of user rubyman.
Jul 14 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11176]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782915.
Jul 14 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11101]: pam_unix(cron:session): session closed for user root
Jul 14 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8006]: pam_unix(cron:session): session closed for user root
Jul 14 07:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11100]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10123]: pam_unix(cron:session): session closed for user root
Jul 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11544]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11616]: Successful su for rubyman by root
Jul 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11616]: + ??? root:rubyman
Jul 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782922 of user rubyman.
Jul 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11616]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782922.
Jul 14 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8687]: pam_unix(cron:session): session closed for user root
Jul 14 07:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11546]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10673]: pam_unix(cron:session): session closed for user root
Jul 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11972]: pam_unix(cron:session): session closed for user root
Jul 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11974]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12038]: Successful su for rubyman by root
Jul 14 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12038]: + ??? root:rubyman
Jul 14 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782926 of user rubyman.
Jul 14 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12038]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782926.
Jul 14 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9249]: pam_unix(cron:session): session closed for user root
Jul 14 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11975]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session closed for user root
Jul 14 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12421]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12504]: Successful su for rubyman by root
Jul 14 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12504]: + ??? root:rubyman
Jul 14 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782929 of user rubyman.
Jul 14 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12504]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782929.
Jul 14 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9704]: pam_unix(cron:session): session closed for user root
Jul 14 07:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12422]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11548]: pam_unix(cron:session): session closed for user root
Jul 14 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12886]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12887]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12884]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12957]: Successful su for rubyman by root
Jul 14 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12957]: + ??? root:rubyman
Jul 14 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782934 of user rubyman.
Jul 14 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12957]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782934.
Jul 14 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10122]: pam_unix(cron:session): session closed for user root
Jul 14 07:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12885]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11977]: pam_unix(cron:session): session closed for user root
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13351]: pam_unix(cron:session): session closed for user root
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13346]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13420]: Successful su for rubyman by root
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13420]: + ??? root:rubyman
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782938 of user rubyman.
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13420]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782938.
Jul 14 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13348]: pam_unix(cron:session): session closed for user root
Jul 14 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10672]: pam_unix(cron:session): session closed for user root
Jul 14 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13347]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12424]: pam_unix(cron:session): session closed for user root
Jul 14 07:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Invalid user carlee from 80.94.95.15
Jul 14 07:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: input_userauth_request: invalid user carlee [preauth]
Jul 14 07:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 07:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Failed password for invalid user carlee from 80.94.95.15 port 42027 ssh2
Jul 14 07:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Failed password for invalid user carlee from 80.94.95.15 port 42027 ssh2
Jul 14 07:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Failed password for invalid user carlee from 80.94.95.15 port 42027 ssh2
Jul 14 07:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Failed password for invalid user carlee from 80.94.95.15 port 42027 ssh2
Jul 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13899]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13967]: Successful su for rubyman by root
Jul 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13967]: + ??? root:rubyman
Jul 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782943 of user rubyman.
Jul 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13967]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782943.
Jul 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Failed password for invalid user carlee from 80.94.95.15 port 42027 ssh2
Jul 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Received disconnect from 80.94.95.15 port 42027:11: Bye [preauth]
Jul 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Disconnected from 80.94.95.15 port 42027 [preauth]
Jul 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11102]: pam_unix(cron:session): session closed for user root
Jul 14 07:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13900]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12887]: pam_unix(cron:session): session closed for user root
Jul 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14308]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14373]: Successful su for rubyman by root
Jul 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14373]: + ??? root:rubyman
Jul 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782948 of user rubyman.
Jul 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14373]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782948.
Jul 14 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11547]: pam_unix(cron:session): session closed for user root
Jul 14 07:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14309]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Invalid user node from 193.32.162.141
Jul 14 07:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: input_userauth_request: invalid user node [preauth]
Jul 14 07:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 07:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Failed password for invalid user node from 193.32.162.141 port 41398 ssh2
Jul 14 07:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Connection closed by 193.32.162.141 port 41398 [preauth]
Jul 14 07:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13350]: pam_unix(cron:session): session closed for user root
Jul 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14728]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14725]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14786]: Successful su for rubyman by root
Jul 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14786]: + ??? root:rubyman
Jul 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782952 of user rubyman.
Jul 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14786]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782952.
Jul 14 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11976]: pam_unix(cron:session): session closed for user root
Jul 14 07:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14726]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13902]: pam_unix(cron:session): session closed for user root
Jul 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15140]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15199]: Successful su for rubyman by root
Jul 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15199]: + ??? root:rubyman
Jul 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782955 of user rubyman.
Jul 14 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15199]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782955.
Jul 14 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session closed for user root
Jul 14 07:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15141]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Invalid user user1 from 190.103.202.7
Jul 14 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: input_userauth_request: invalid user user1 [preauth]
Jul 14 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Jul 14 07:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Failed password for invalid user user1 from 190.103.202.7 port 43258 ssh2
Jul 14 07:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Connection closed by 190.103.202.7 port 43258 [preauth]
Jul 14 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14311]: pam_unix(cron:session): session closed for user root
Jul 14 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Did not receive identification string from 103.145.63.106
Jul 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session closed for user root
Jul 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15620]: Successful su for rubyman by root
Jul 14 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15620]: + ??? root:rubyman
Jul 14 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782959 of user rubyman.
Jul 14 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15620]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782959.
Jul 14 07:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12886]: pam_unix(cron:session): session closed for user root
Jul 14 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15552]: pam_unix(cron:session): session closed for user root
Jul 14 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14728]: pam_unix(cron:session): session closed for user root
Jul 14 07:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: Bad protocol version identification '\026\003\001' from 184.105.247.196 port 23402
Jul 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16055]: Successful su for rubyman by root
Jul 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16055]: + ??? root:rubyman
Jul 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782967 of user rubyman.
Jul 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16055]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782967.
Jul 14 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13349]: pam_unix(cron:session): session closed for user root
Jul 14 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15143]: pam_unix(cron:session): session closed for user root
Jul 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16392]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16471]: Successful su for rubyman by root
Jul 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16471]: + ??? root:rubyman
Jul 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782969 of user rubyman.
Jul 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16471]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782969.
Jul 14 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13901]: pam_unix(cron:session): session closed for user root
Jul 14 07:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16393]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session closed for user root
Jul 14 07:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: Did not receive identification string from 111.6.42.93
Jul 14 07:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.6.42.93  user=root
Jul 14 07:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: Failed password for root from 111.6.42.93 port 48864 ssh2
Jul 14 07:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: Connection closed by 111.6.42.93 port 48864 [preauth]
Jul 14 07:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.6.42.93  user=root
Jul 14 07:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Failed password for root from 111.6.42.93 port 48872 ssh2
Jul 14 07:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Connection closed by 111.6.42.93 port 48872 [preauth]
Jul 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16868]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16957]: Successful su for rubyman by root
Jul 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16957]: + ??? root:rubyman
Jul 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782973 of user rubyman.
Jul 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16957]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782973.
Jul 14 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14310]: pam_unix(cron:session): session closed for user root
Jul 14 07:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16869]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session closed for user root
Jul 14 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17320]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17379]: Successful su for rubyman by root
Jul 14 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17379]: + ??? root:rubyman
Jul 14 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782977 of user rubyman.
Jul 14 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17379]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782977.
Jul 14 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14727]: pam_unix(cron:session): session closed for user root
Jul 14 07:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17318]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16395]: pam_unix(cron:session): session closed for user root
Jul 14 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Invalid user mapr from 193.32.162.141
Jul 14 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: input_userauth_request: invalid user mapr [preauth]
Jul 14 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session closed for user root
Jul 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17755]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17934]: Successful su for rubyman by root
Jul 14 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17934]: + ??? root:rubyman
Jul 14 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782982 of user rubyman.
Jul 14 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17934]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782982.
Jul 14 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Failed password for invalid user mapr from 193.32.162.141 port 58740 ssh2
Jul 14 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Connection closed by 193.32.162.141 port 58740 [preauth]
Jul 14 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17758]: pam_unix(cron:session): session closed for user root
Jul 14 07:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15142]: pam_unix(cron:session): session closed for user root
Jul 14 07:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17756]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16871]: pam_unix(cron:session): session closed for user root
Jul 14 07:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.125  user=root
Jul 14 07:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: Failed password for root from 195.178.110.125 port 33740 ssh2
Jul 14 07:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: Connection closed by 195.178.110.125 port 33740 [preauth]
Jul 14 07:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.125  user=root
Jul 14 07:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: Failed password for root from 195.178.110.125 port 33752 ssh2
Jul 14 07:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: Connection closed by 195.178.110.125 port 33752 [preauth]
Jul 14 07:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.125  user=root
Jul 14 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18272]: Failed password for root from 195.178.110.125 port 33766 ssh2
Jul 14 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18272]: Connection closed by 195.178.110.125 port 33766 [preauth]
Jul 14 07:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.125  user=root
Jul 14 07:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: Failed password for root from 195.178.110.125 port 33780 ssh2
Jul 14 07:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: Connection closed by 195.178.110.125 port 33780 [preauth]
Jul 14 07:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.125  user=root
Jul 14 07:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: Failed password for root from 195.178.110.125 port 49878 ssh2
Jul 14 07:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: Connection closed by 195.178.110.125 port 49878 [preauth]
Jul 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18349]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18432]: Successful su for rubyman by root
Jul 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18432]: + ??? root:rubyman
Jul 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782987 of user rubyman.
Jul 14 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18432]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782987.
Jul 14 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15553]: pam_unix(cron:session): session closed for user root
Jul 14 07:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17320]: pam_unix(cron:session): session closed for user root
Jul 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18785]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18849]: Successful su for rubyman by root
Jul 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18849]: + ??? root:rubyman
Jul 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782991 of user rubyman.
Jul 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18849]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782991.
Jul 14 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15991]: pam_unix(cron:session): session closed for user root
Jul 14 07:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18786]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17760]: pam_unix(cron:session): session closed for user root
Jul 14 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19196]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19268]: Successful su for rubyman by root
Jul 14 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19268]: + ??? root:rubyman
Jul 14 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782996 of user rubyman.
Jul 14 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19268]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782996.
Jul 14 07:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16394]: pam_unix(cron:session): session closed for user root
Jul 14 07:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18353]: pam_unix(cron:session): session closed for user root
Jul 14 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19627]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19706]: Successful su for rubyman by root
Jul 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19706]: + ??? root:rubyman
Jul 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 782999 of user rubyman.
Jul 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19706]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 782999.
Jul 14 07:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16870]: pam_unix(cron:session): session closed for user root
Jul 14 07:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19628]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18789]: pam_unix(cron:session): session closed for user root
Jul 14 07:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.178.188.105  user=root
Jul 14 07:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: Failed password for root from 74.178.188.105 port 37644 ssh2
Jul 14 07:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: Connection reset by 74.178.188.105 port 37644 [preauth]
Jul 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20075]: pam_unix(cron:session): session closed for user root
Jul 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20070]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20142]: Successful su for rubyman by root
Jul 14 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20142]: + ??? root:rubyman
Jul 14 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783008 of user rubyman.
Jul 14 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20142]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783008.
Jul 14 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20072]: pam_unix(cron:session): session closed for user root
Jul 14 07:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17319]: pam_unix(cron:session): session closed for user root
Jul 14 07:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20071]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19199]: pam_unix(cron:session): session closed for user root
Jul 14 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20520]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20518]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20586]: Successful su for rubyman by root
Jul 14 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20586]: + ??? root:rubyman
Jul 14 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783012 of user rubyman.
Jul 14 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20586]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783012.
Jul 14 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17759]: pam_unix(cron:session): session closed for user root
Jul 14 07:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20519]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session closed for user root
Jul 14 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20950]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21008]: Successful su for rubyman by root
Jul 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21008]: + ??? root:rubyman
Jul 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783015 of user rubyman.
Jul 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21008]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783015.
Jul 14 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18351]: pam_unix(cron:session): session closed for user root
Jul 14 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21175]: Connection closed by 66.240.192.85 port 53899 [preauth]
Jul 14 07:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20951]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20074]: pam_unix(cron:session): session closed for user root
Jul 14 07:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: Invalid user oneadmin from 193.32.162.141
Jul 14 07:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: input_userauth_request: invalid user oneadmin [preauth]
Jul 14 07:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 07:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: Failed password for invalid user oneadmin from 193.32.162.141 port 47846 ssh2
Jul 14 07:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: Connection closed by 193.32.162.141 port 47846 [preauth]
Jul 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21394]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21458]: Successful su for rubyman by root
Jul 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21458]: + ??? root:rubyman
Jul 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783018 of user rubyman.
Jul 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21458]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783018.
Jul 14 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18788]: pam_unix(cron:session): session closed for user root
Jul 14 07:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21397]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20521]: pam_unix(cron:session): session closed for user root
Jul 14 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22137]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22323]: Successful su for rubyman by root
Jul 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22323]: + ??? root:rubyman
Jul 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783021 of user rubyman.
Jul 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22323]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783021.
Jul 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22133]: pam_unix(cron:session): session closed for user root
Jul 14 07:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19198]: pam_unix(cron:session): session closed for user root
Jul 14 07:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22138]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20953]: pam_unix(cron:session): session closed for user root
Jul 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22740]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22739]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22743]: pam_unix(cron:session): session closed for user root
Jul 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22736]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22825]: Successful su for rubyman by root
Jul 14 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22825]: + ??? root:rubyman
Jul 14 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783029 of user rubyman.
Jul 14 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22825]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783029.
Jul 14 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22739]: pam_unix(cron:session): session closed for user root
Jul 14 07:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19629]: pam_unix(cron:session): session closed for user root
Jul 14 07:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22738]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21399]: pam_unix(cron:session): session closed for user root
Jul 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23252]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23249]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23403]: Successful su for rubyman by root
Jul 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23403]: + ??? root:rubyman
Jul 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783032 of user rubyman.
Jul 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23403]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783032.
Jul 14 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20073]: pam_unix(cron:session): session closed for user root
Jul 14 07:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23250]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Invalid user ubnt from 80.94.95.15
Jul 14 07:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: input_userauth_request: invalid user ubnt [preauth]
Jul 14 07:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 07:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Failed password for invalid user ubnt from 80.94.95.15 port 53448 ssh2
Jul 14 07:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Failed password for invalid user ubnt from 80.94.95.15 port 53448 ssh2
Jul 14 07:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Failed password for invalid user ubnt from 80.94.95.15 port 53448 ssh2
Jul 14 07:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Failed password for invalid user ubnt from 80.94.95.15 port 53448 ssh2
Jul 14 07:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Failed password for invalid user ubnt from 80.94.95.15 port 53448 ssh2
Jul 14 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Received disconnect from 80.94.95.15 port 53448:11: Bye [preauth]
Jul 14 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Disconnected from 80.94.95.15 port 53448 [preauth]
Jul 14 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 07:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22140]: pam_unix(cron:session): session closed for user root
Jul 14 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23852]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23934]: Successful su for rubyman by root
Jul 14 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23934]: + ??? root:rubyman
Jul 14 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783036 of user rubyman.
Jul 14 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23934]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783036.
Jul 14 07:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20520]: pam_unix(cron:session): session closed for user root
Jul 14 07:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23855]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22742]: pam_unix(cron:session): session closed for user root
Jul 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24321]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24394]: Successful su for rubyman by root
Jul 14 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24394]: + ??? root:rubyman
Jul 14 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783041 of user rubyman.
Jul 14 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24394]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783041.
Jul 14 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20952]: pam_unix(cron:session): session closed for user root
Jul 14 07:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24322]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23252]: pam_unix(cron:session): session closed for user root
Jul 14 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24773]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24836]: Successful su for rubyman by root
Jul 14 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24836]: + ??? root:rubyman
Jul 14 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783044 of user rubyman.
Jul 14 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24836]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783044.
Jul 14 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21398]: pam_unix(cron:session): session closed for user root
Jul 14 07:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24774]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23858]: pam_unix(cron:session): session closed for user root
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25195]: pam_unix(cron:session): session closed for user root
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25190]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25272]: Successful su for rubyman by root
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25272]: + ??? root:rubyman
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783050 of user rubyman.
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25272]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783050.
Jul 14 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session closed for user root
Jul 14 07:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22139]: pam_unix(cron:session): session closed for user root
Jul 14 07:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25191]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Invalid user vyos from 193.32.162.141
Jul 14 07:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: input_userauth_request: invalid user vyos [preauth]
Jul 14 07:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 07:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Failed password for invalid user vyos from 193.32.162.141 port 36954 ssh2
Jul 14 07:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Connection closed by 193.32.162.141 port 36954 [preauth]
Jul 14 07:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24325]: pam_unix(cron:session): session closed for user root
Jul 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25703]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25790]: Successful su for rubyman by root
Jul 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25790]: + ??? root:rubyman
Jul 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783056 of user rubyman.
Jul 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25790]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783056.
Jul 14 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22740]: pam_unix(cron:session): session closed for user root
Jul 14 07:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25704]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24776]: pam_unix(cron:session): session closed for user root
Jul 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26174]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26238]: Successful su for rubyman by root
Jul 14 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26238]: + ??? root:rubyman
Jul 14 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783060 of user rubyman.
Jul 14 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26238]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783060.
Jul 14 07:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23251]: pam_unix(cron:session): session closed for user root
Jul 14 07:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26175]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session closed for user root
Jul 14 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26694]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26690]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: Successful su for rubyman by root
Jul 14 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: + ??? root:rubyman
Jul 14 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783062 of user rubyman.
Jul 14 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783062.
Jul 14 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23857]: pam_unix(cron:session): session closed for user root
Jul 14 07:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26692]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25706]: pam_unix(cron:session): session closed for user root
Jul 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27242]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27334]: Successful su for rubyman by root
Jul 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27334]: + ??? root:rubyman
Jul 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783067 of user rubyman.
Jul 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27334]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783067.
Jul 14 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24323]: pam_unix(cron:session): session closed for user root
Jul 14 07:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27243]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26177]: pam_unix(cron:session): session closed for user root
Jul 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27792]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27794]: pam_unix(cron:session): session closed for user root
Jul 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27789]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27882]: Successful su for rubyman by root
Jul 14 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27882]: + ??? root:rubyman
Jul 14 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783071 of user rubyman.
Jul 14 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27882]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783071.
Jul 14 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27791]: pam_unix(cron:session): session closed for user root
Jul 14 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24775]: pam_unix(cron:session): session closed for user root
Jul 14 07:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27790]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26694]: pam_unix(cron:session): session closed for user root
Jul 14 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28263]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28332]: Successful su for rubyman by root
Jul 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28332]: + ??? root:rubyman
Jul 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783078 of user rubyman.
Jul 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28332]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783078.
Jul 14 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session closed for user root
Jul 14 07:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28264]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27246]: pam_unix(cron:session): session closed for user root
Jul 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28768]: Successful su for rubyman by root
Jul 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28768]: + ??? root:rubyman
Jul 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783081 of user rubyman.
Jul 14 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28768]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783081.
Jul 14 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25705]: pam_unix(cron:session): session closed for user root
Jul 14 07:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28705]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27793]: pam_unix(cron:session): session closed for user root
Jul 14 07:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29172]: Invalid user hpc-riscv from 193.32.162.141
Jul 14 07:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29172]: input_userauth_request: invalid user hpc-riscv [preauth]
Jul 14 07:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29172]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 07:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29172]: Failed password for invalid user hpc-riscv from 193.32.162.141 port 54294 ssh2
Jul 14 07:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29172]: Connection closed by 193.32.162.141 port 54294 [preauth]
Jul 14 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29286]: Successful su for rubyman by root
Jul 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29286]: + ??? root:rubyman
Jul 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783086 of user rubyman.
Jul 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29286]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783086.
Jul 14 07:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26176]: pam_unix(cron:session): session closed for user root
Jul 14 07:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29217]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28267]: pam_unix(cron:session): session closed for user root
Jul 14 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29659]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29727]: Successful su for rubyman by root
Jul 14 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29727]: + ??? root:rubyman
Jul 14 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783091 of user rubyman.
Jul 14 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29727]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783091.
Jul 14 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26693]: pam_unix(cron:session): session closed for user root
Jul 14 07:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29660]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28707]: pam_unix(cron:session): session closed for user root
Jul 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30092]: pam_unix(cron:session): session closed for user root
Jul 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30085]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30157]: Successful su for rubyman by root
Jul 14 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30157]: + ??? root:rubyman
Jul 14 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783094 of user rubyman.
Jul 14 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30157]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783094.
Jul 14 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session closed for user root
Jul 14 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30088]: pam_unix(cron:session): session closed for user root
Jul 14 07:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30086]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29219]: pam_unix(cron:session): session closed for user root
Jul 14 07:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 07:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: Invalid user shiny from 164.68.105.9
Jul 14 07:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: input_userauth_request: invalid user shiny [preauth]
Jul 14 07:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 07:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Jul 14 07:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: Failed password for invalid user shiny from 164.68.105.9 port 43594 ssh2
Jul 14 07:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: Connection closed by 164.68.105.9 port 43594 [preauth]
Jul 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30528]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30602]: Successful su for rubyman by root
Jul 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30602]: + ??? root:rubyman
Jul 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783098 of user rubyman.
Jul 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30602]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783098.
Jul 14 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27792]: pam_unix(cron:session): session closed for user root
Jul 14 07:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30531]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29662]: pam_unix(cron:session): session closed for user root
Jul 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31035]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31119]: Successful su for rubyman by root
Jul 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31119]: + ??? root:rubyman
Jul 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783103 of user rubyman.
Jul 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31119]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783103.
Jul 14 07:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28266]: pam_unix(cron:session): session closed for user root
Jul 14 07:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31036]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30090]: pam_unix(cron:session): session closed for user root
Jul 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31471]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31537]: Successful su for rubyman by root
Jul 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31537]: + ??? root:rubyman
Jul 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783106 of user rubyman.
Jul 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31537]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783106.
Jul 14 07:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session closed for user root
Jul 14 07:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31472]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session closed for user root
Jul 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32032]: pam_unix(cron:session): session closed for user p13x
Jul 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32242]: Successful su for rubyman by root
Jul 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32242]: + ??? root:rubyman
Jul 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783111 of user rubyman.
Jul 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32242]: pam_unix(su:session): session closed for user rubyman
Jul 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783111.
Jul 14 07:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session closed for user root
Jul 14 07:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32033]: pam_unix(cron:session): session closed for user samftp
Jul 14 07:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session closed for user root
Jul 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[312]: pam_unix(cron:session): session closed for user root
Jul 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[305]: pam_unix(cron:session): session closed for user root
Jul 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[303]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[465]: Successful su for rubyman by root
Jul 14 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[465]: + ??? root:rubyman
Jul 14 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783114 of user rubyman.
Jul 14 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[465]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783114.
Jul 14 08:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29661]: pam_unix(cron:session): session closed for user root
Jul 14 08:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[306]: pam_unix(cron:session): session closed for user root
Jul 14 08:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[304]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: Invalid user riscv from 193.32.162.141
Jul 14 08:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: input_userauth_request: invalid user riscv [preauth]
Jul 14 08:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 08:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: Failed password for invalid user riscv from 193.32.162.141 port 43404 ssh2
Jul 14 08:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: Connection closed by 193.32.162.141 port 43404 [preauth]
Jul 14 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31475]: pam_unix(cron:session): session closed for user root
Jul 14 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[968]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1071]: Successful su for rubyman by root
Jul 14 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1071]: + ??? root:rubyman
Jul 14 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783123 of user rubyman.
Jul 14 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1071]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783123.
Jul 14 08:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30089]: pam_unix(cron:session): session closed for user root
Jul 14 08:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[969]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32035]: pam_unix(cron:session): session closed for user root
Jul 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1495]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1569]: Successful su for rubyman by root
Jul 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1569]: + ??? root:rubyman
Jul 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783125 of user rubyman.
Jul 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1569]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783125.
Jul 14 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session closed for user root
Jul 14 08:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1496]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1841]: Invalid user admin from 78.128.112.74
Jul 14 08:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1841]: input_userauth_request: invalid user admin [preauth]
Jul 14 08:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1841]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Jul 14 08:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1841]: Failed password for invalid user admin from 78.128.112.74 port 58458 ssh2
Jul 14 08:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1841]: Connection closed by 78.128.112.74 port 58458 [preauth]
Jul 14 08:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session closed for user root
Jul 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2063]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2127]: Successful su for rubyman by root
Jul 14 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2127]: + ??? root:rubyman
Jul 14 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783130 of user rubyman.
Jul 14 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2127]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783130.
Jul 14 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31037]: pam_unix(cron:session): session closed for user root
Jul 14 08:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2064]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[974]: pam_unix(cron:session): session closed for user root
Jul 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2500]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2568]: Successful su for rubyman by root
Jul 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2568]: + ??? root:rubyman
Jul 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783133 of user rubyman.
Jul 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2568]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783133.
Jul 14 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31474]: pam_unix(cron:session): session closed for user root
Jul 14 08:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2501]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Failed password for root from 182.75.216.74 port 36846 ssh2
Jul 14 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Received disconnect from 182.75.216.74 port 36846:11: Bye Bye [preauth]
Jul 14 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Disconnected from 182.75.216.74 port 36846 [preauth]
Jul 14 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session closed for user root
Jul 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session closed for user root
Jul 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2952]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3029]: Successful su for rubyman by root
Jul 14 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3029]: + ??? root:rubyman
Jul 14 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783139 of user rubyman.
Jul 14 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3029]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783139.
Jul 14 08:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2954]: pam_unix(cron:session): session closed for user root
Jul 14 08:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32034]: pam_unix(cron:session): session closed for user root
Jul 14 08:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2953]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2066]: pam_unix(cron:session): session closed for user root
Jul 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3447]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3523]: Successful su for rubyman by root
Jul 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3523]: + ??? root:rubyman
Jul 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783144 of user rubyman.
Jul 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3523]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783144.
Jul 14 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session closed for user root
Jul 14 08:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3448]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2504]: pam_unix(cron:session): session closed for user root
Jul 14 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3912]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4013]: Successful su for rubyman by root
Jul 14 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4013]: + ??? root:rubyman
Jul 14 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783148 of user rubyman.
Jul 14 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4013]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783148.
Jul 14 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[970]: pam_unix(cron:session): session closed for user root
Jul 14 08:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3913]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2956]: pam_unix(cron:session): session closed for user root
Jul 14 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4629]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4692]: Successful su for rubyman by root
Jul 14 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4692]: + ??? root:rubyman
Jul 14 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783153 of user rubyman.
Jul 14 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4692]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783153.
Jul 14 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1497]: pam_unix(cron:session): session closed for user root
Jul 14 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: Invalid user riscv from 193.32.162.141
Jul 14 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: input_userauth_request: invalid user riscv [preauth]
Jul 14 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 08:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: Failed password for invalid user riscv from 193.32.162.141 port 60744 ssh2
Jul 14 08:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: Connection closed by 193.32.162.141 port 60744 [preauth]
Jul 14 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4630]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: Failed password for root from 182.75.216.74 port 35548 ssh2
Jul 14 08:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: Received disconnect from 182.75.216.74 port 35548:11: Bye Bye [preauth]
Jul 14 08:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: Disconnected from 182.75.216.74 port 35548 [preauth]
Jul 14 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3450]: pam_unix(cron:session): session closed for user root
Jul 14 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5292]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5293]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5290]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5433]: Successful su for rubyman by root
Jul 14 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5433]: + ??? root:rubyman
Jul 14 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783155 of user rubyman.
Jul 14 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5433]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783155.
Jul 14 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5288]: pam_unix(cron:session): session closed for user root
Jul 14 08:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2065]: pam_unix(cron:session): session closed for user root
Jul 14 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5291]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session closed for user root
Jul 14 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: Failed password for root from 182.75.216.74 port 4207 ssh2
Jul 14 08:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: Received disconnect from 182.75.216.74 port 4207:11: Bye Bye [preauth]
Jul 14 08:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: Disconnected from 182.75.216.74 port 4207 [preauth]
Jul 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session closed for user root
Jul 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5962]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6050]: Successful su for rubyman by root
Jul 14 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6050]: + ??? root:rubyman
Jul 14 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783165 of user rubyman.
Jul 14 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6050]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783165.
Jul 14 08:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2503]: pam_unix(cron:session): session closed for user root
Jul 14 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session closed for user root
Jul 14 08:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4632]: pam_unix(cron:session): session closed for user root
Jul 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6519]: Successful su for rubyman by root
Jul 14 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6519]: + ??? root:rubyman
Jul 14 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783166 of user rubyman.
Jul 14 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6519]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783166.
Jul 14 08:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2955]: pam_unix(cron:session): session closed for user root
Jul 14 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Failed password for root from 182.75.216.74 port 13149 ssh2
Jul 14 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Received disconnect from 182.75.216.74 port 13149:11: Bye Bye [preauth]
Jul 14 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Disconnected from 182.75.216.74 port 13149 [preauth]
Jul 14 08:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6449]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5293]: pam_unix(cron:session): session closed for user root
Jul 14 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6887]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6883]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7042]: Successful su for rubyman by root
Jul 14 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7042]: + ??? root:rubyman
Jul 14 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783170 of user rubyman.
Jul 14 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7042]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783170.
Jul 14 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3449]: pam_unix(cron:session): session closed for user root
Jul 14 08:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6884]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: Failed password for root from 182.75.216.74 port 16976 ssh2
Jul 14 08:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: Received disconnect from 182.75.216.74 port 16976:11: Bye Bye [preauth]
Jul 14 08:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: Disconnected from 182.75.216.74 port 16976 [preauth]
Jul 14 08:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5967]: pam_unix(cron:session): session closed for user root
Jul 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7422]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7491]: Successful su for rubyman by root
Jul 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7491]: + ??? root:rubyman
Jul 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783174 of user rubyman.
Jul 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7491]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783174.
Jul 14 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3914]: pam_unix(cron:session): session closed for user root
Jul 14 08:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6451]: pam_unix(cron:session): session closed for user root
Jul 14 08:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: Failed password for root from 182.75.216.74 port 33117 ssh2
Jul 14 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: Received disconnect from 182.75.216.74 port 33117:11: Bye Bye [preauth]
Jul 14 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: Disconnected from 182.75.216.74 port 33117 [preauth]
Jul 14 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7977]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8038]: Successful su for rubyman by root
Jul 14 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8038]: + ??? root:rubyman
Jul 14 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783178 of user rubyman.
Jul 14 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8038]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783178.
Jul 14 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4631]: pam_unix(cron:session): session closed for user root
Jul 14 08:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7979]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6887]: pam_unix(cron:session): session closed for user root
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8532]: pam_unix(cron:session): session closed for user root
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8526]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8627]: Successful su for rubyman by root
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8627]: + ??? root:rubyman
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783187 of user rubyman.
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8627]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783187.
Jul 14 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8528]: pam_unix(cron:session): session closed for user root
Jul 14 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5292]: pam_unix(cron:session): session closed for user root
Jul 14 08:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8527]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Failed password for root from 182.75.216.74 port 20086 ssh2
Jul 14 08:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Received disconnect from 182.75.216.74 port 20086:11: Bye Bye [preauth]
Jul 14 08:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Disconnected from 182.75.216.74 port 20086 [preauth]
Jul 14 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session closed for user root
Jul 14 08:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: Invalid user riscv from 193.32.162.141
Jul 14 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: input_userauth_request: invalid user riscv [preauth]
Jul 14 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: Failed password for invalid user riscv from 193.32.162.141 port 49878 ssh2
Jul 14 08:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: Connection closed by 193.32.162.141 port 49878 [preauth]
Jul 14 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9032]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9110]: Successful su for rubyman by root
Jul 14 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9110]: + ??? root:rubyman
Jul 14 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783190 of user rubyman.
Jul 14 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9110]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783190.
Jul 14 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session closed for user root
Jul 14 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9033]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7981]: pam_unix(cron:session): session closed for user root
Jul 14 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: Failed password for root from 182.75.216.74 port 61199 ssh2
Jul 14 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: Received disconnect from 182.75.216.74 port 61199:11: Bye Bye [preauth]
Jul 14 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: Disconnected from 182.75.216.74 port 61199 [preauth]
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9577]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9577]: pam_unix(cron:session): session closed for user root
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9579]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9649]: Successful su for rubyman by root
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9649]: + ??? root:rubyman
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783192 of user rubyman.
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9649]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783192.
Jul 14 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6450]: pam_unix(cron:session): session closed for user root
Jul 14 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9580]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Invalid user kianna from 80.94.95.15
Jul 14 08:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: input_userauth_request: invalid user kianna [preauth]
Jul 14 08:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 08:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Failed password for invalid user kianna from 80.94.95.15 port 43020 ssh2
Jul 14 08:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Failed password for invalid user kianna from 80.94.95.15 port 43020 ssh2
Jul 14 08:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Failed password for invalid user kianna from 80.94.95.15 port 43020 ssh2
Jul 14 08:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Failed password for invalid user kianna from 80.94.95.15 port 43020 ssh2
Jul 14 08:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Failed password for invalid user kianna from 80.94.95.15 port 43020 ssh2
Jul 14 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Received disconnect from 80.94.95.15 port 43020:11: Bye [preauth]
Jul 14 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Disconnected from 80.94.95.15 port 43020 [preauth]
Jul 14 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session closed for user root
Jul 14 08:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10005]: Failed password for root from 182.75.216.74 port 6682 ssh2
Jul 14 08:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10005]: Received disconnect from 182.75.216.74 port 6682:11: Bye Bye [preauth]
Jul 14 08:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10005]: Disconnected from 182.75.216.74 port 6682 [preauth]
Jul 14 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10017]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10084]: Successful su for rubyman by root
Jul 14 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10084]: + ??? root:rubyman
Jul 14 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783198 of user rubyman.
Jul 14 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10084]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783198.
Jul 14 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6885]: pam_unix(cron:session): session closed for user root
Jul 14 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10018]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10400]: Did not receive identification string from 80.94.95.117
Jul 14 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9035]: pam_unix(cron:session): session closed for user root
Jul 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10531]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10600]: Successful su for rubyman by root
Jul 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10600]: + ??? root:rubyman
Jul 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783202 of user rubyman.
Jul 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10600]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783202.
Jul 14 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7424]: pam_unix(cron:session): session closed for user root
Jul 14 08:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10532]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: Failed password for root from 182.75.216.74 port 36875 ssh2
Jul 14 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: Received disconnect from 182.75.216.74 port 36875:11: Bye Bye [preauth]
Jul 14 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: Disconnected from 182.75.216.74 port 36875 [preauth]
Jul 14 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9582]: pam_unix(cron:session): session closed for user root
Jul 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11000]: pam_unix(cron:session): session closed for user root
Jul 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10995]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11068]: Successful su for rubyman by root
Jul 14 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11068]: + ??? root:rubyman
Jul 14 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783208 of user rubyman.
Jul 14 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11068]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783208.
Jul 14 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7980]: pam_unix(cron:session): session closed for user root
Jul 14 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10997]: pam_unix(cron:session): session closed for user root
Jul 14 08:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10021]: pam_unix(cron:session): session closed for user root
Jul 14 08:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: Failed password for root from 182.75.216.74 port 10105 ssh2
Jul 14 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: Received disconnect from 182.75.216.74 port 10105:11: Bye Bye [preauth]
Jul 14 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: Disconnected from 182.75.216.74 port 10105 [preauth]
Jul 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11438]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11515]: Successful su for rubyman by root
Jul 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11515]: + ??? root:rubyman
Jul 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783211 of user rubyman.
Jul 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11515]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783211.
Jul 14 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8529]: pam_unix(cron:session): session closed for user root
Jul 14 08:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11439]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10535]: pam_unix(cron:session): session closed for user root
Jul 14 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11878]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11941]: Successful su for rubyman by root
Jul 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11941]: + ??? root:rubyman
Jul 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783217 of user rubyman.
Jul 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11941]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783217.
Jul 14 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Failed password for root from 182.75.216.74 port 65031 ssh2
Jul 14 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Received disconnect from 182.75.216.74 port 65031:11: Bye Bye [preauth]
Jul 14 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Disconnected from 182.75.216.74 port 65031 [preauth]
Jul 14 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9034]: pam_unix(cron:session): session closed for user root
Jul 14 08:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11879]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10999]: pam_unix(cron:session): session closed for user root
Jul 14 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12292]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12366]: Successful su for rubyman by root
Jul 14 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12366]: + ??? root:rubyman
Jul 14 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783221 of user rubyman.
Jul 14 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12366]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783221.
Jul 14 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9581]: pam_unix(cron:session): session closed for user root
Jul 14 08:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12293]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: fatal: Unable to negotiate with 114.67.80.147 port 46698: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 08:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: fatal: Unable to negotiate with 114.67.80.147 port 46766: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 08:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12638]: fatal: Unable to negotiate with 114.67.80.147 port 46873: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: fatal: Unable to negotiate with 114.67.80.147 port 46977: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12667]: Failed password for root from 182.75.216.74 port 30808 ssh2
Jul 14 08:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12667]: Received disconnect from 182.75.216.74 port 30808:11: Bye Bye [preauth]
Jul 14 08:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12667]: Disconnected from 182.75.216.74 port 30808 [preauth]
Jul 14 08:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: Invalid user riscv from 193.32.162.141
Jul 14 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: input_userauth_request: invalid user riscv [preauth]
Jul 14 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 08:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: Failed password for invalid user riscv from 193.32.162.141 port 38980 ssh2
Jul 14 08:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: Connection closed by 193.32.162.141 port 38980 [preauth]
Jul 14 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11441]: pam_unix(cron:session): session closed for user root
Jul 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12860]: Successful su for rubyman by root
Jul 14 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12860]: + ??? root:rubyman
Jul 14 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783224 of user rubyman.
Jul 14 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12860]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783224.
Jul 14 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10019]: pam_unix(cron:session): session closed for user root
Jul 14 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11882]: pam_unix(cron:session): session closed for user root
Jul 14 08:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Failed password for root from 182.75.216.74 port 49894 ssh2
Jul 14 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Received disconnect from 182.75.216.74 port 49894:11: Bye Bye [preauth]
Jul 14 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Disconnected from 182.75.216.74 port 49894 [preauth]
Jul 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13243]: pam_unix(cron:session): session closed for user root
Jul 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13238]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13333]: Successful su for rubyman by root
Jul 14 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13333]: + ??? root:rubyman
Jul 14 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783231 of user rubyman.
Jul 14 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13333]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783231.
Jul 14 08:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10534]: pam_unix(cron:session): session closed for user root
Jul 14 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13240]: pam_unix(cron:session): session closed for user root
Jul 14 08:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13239]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12297]: pam_unix(cron:session): session closed for user root
Jul 14 08:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Jul 14 08:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13767]: Failed password for root from 46.101.170.54 port 50218 ssh2
Jul 14 08:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13767]: Connection closed by 46.101.170.54 port 50218 [preauth]
Jul 14 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13816]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13884]: Successful su for rubyman by root
Jul 14 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13884]: + ??? root:rubyman
Jul 14 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783234 of user rubyman.
Jul 14 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13884]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783234.
Jul 14 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10998]: pam_unix(cron:session): session closed for user root
Jul 14 08:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Failed password for root from 182.75.216.74 port 38378 ssh2
Jul 14 08:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Received disconnect from 182.75.216.74 port 38378:11: Bye Bye [preauth]
Jul 14 08:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Disconnected from 182.75.216.74 port 38378 [preauth]
Jul 14 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13817]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session closed for user root
Jul 14 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14227]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14290]: Successful su for rubyman by root
Jul 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14290]: + ??? root:rubyman
Jul 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783237 of user rubyman.
Jul 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14290]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783237.
Jul 14 08:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11440]: pam_unix(cron:session): session closed for user root
Jul 14 08:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14228]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: Failed password for root from 182.75.216.74 port 30726 ssh2
Jul 14 08:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: Received disconnect from 182.75.216.74 port 30726:11: Bye Bye [preauth]
Jul 14 08:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: Disconnected from 182.75.216.74 port 30726 [preauth]
Jul 14 08:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13242]: pam_unix(cron:session): session closed for user root
Jul 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14706]: Successful su for rubyman by root
Jul 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14706]: + ??? root:rubyman
Jul 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783241 of user rubyman.
Jul 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14706]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783241.
Jul 14 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11880]: pam_unix(cron:session): session closed for user root
Jul 14 08:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14642]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13819]: pam_unix(cron:session): session closed for user root
Jul 14 08:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: Failed password for root from 182.75.216.74 port 63592 ssh2
Jul 14 08:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: Received disconnect from 182.75.216.74 port 63592:11: Bye Bye [preauth]
Jul 14 08:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: Disconnected from 182.75.216.74 port 63592 [preauth]
Jul 14 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15059]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15123]: Successful su for rubyman by root
Jul 14 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15123]: + ??? root:rubyman
Jul 14 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783246 of user rubyman.
Jul 14 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15123]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783246.
Jul 14 08:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12296]: pam_unix(cron:session): session closed for user root
Jul 14 08:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15060]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14230]: pam_unix(cron:session): session closed for user root
Jul 14 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15470]: pam_unix(cron:session): session closed for user root
Jul 14 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15464]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15538]: Successful su for rubyman by root
Jul 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15538]: + ??? root:rubyman
Jul 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783253 of user rubyman.
Jul 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15538]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783253.
Jul 14 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15466]: pam_unix(cron:session): session closed for user root
Jul 14 08:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session closed for user root
Jul 14 08:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15465]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Failed password for root from 182.75.216.74 port 8916 ssh2
Jul 14 08:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Received disconnect from 182.75.216.74 port 8916:11: Bye Bye [preauth]
Jul 14 08:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Disconnected from 182.75.216.74 port 8916 [preauth]
Jul 14 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14644]: pam_unix(cron:session): session closed for user root
Jul 14 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15907]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15977]: Successful su for rubyman by root
Jul 14 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15977]: + ??? root:rubyman
Jul 14 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783255 of user rubyman.
Jul 14 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15977]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783255.
Jul 14 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13241]: pam_unix(cron:session): session closed for user root
Jul 14 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: Invalid user partimag from 193.32.162.141
Jul 14 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: input_userauth_request: invalid user partimag [preauth]
Jul 14 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 08:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15908]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: Failed password for invalid user partimag from 193.32.162.141 port 56322 ssh2
Jul 14 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: Connection closed by 193.32.162.141 port 56322 [preauth]
Jul 14 08:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Failed password for root from 182.75.216.74 port 65260 ssh2
Jul 14 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Received disconnect from 182.75.216.74 port 65260:11: Bye Bye [preauth]
Jul 14 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Disconnected from 182.75.216.74 port 65260 [preauth]
Jul 14 08:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15062]: pam_unix(cron:session): session closed for user root
Jul 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16315]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16378]: Successful su for rubyman by root
Jul 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16378]: + ??? root:rubyman
Jul 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783261 of user rubyman.
Jul 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16378]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783261.
Jul 14 08:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13818]: pam_unix(cron:session): session closed for user root
Jul 14 08:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16316]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15469]: pam_unix(cron:session): session closed for user root
Jul 14 08:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Failed password for root from 182.75.216.74 port 40761 ssh2
Jul 14 08:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Received disconnect from 182.75.216.74 port 40761:11: Bye Bye [preauth]
Jul 14 08:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Disconnected from 182.75.216.74 port 40761 [preauth]
Jul 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16786]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16846]: Successful su for rubyman by root
Jul 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16846]: + ??? root:rubyman
Jul 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783263 of user rubyman.
Jul 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16846]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783263.
Jul 14 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14229]: pam_unix(cron:session): session closed for user root
Jul 14 08:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16787]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15911]: pam_unix(cron:session): session closed for user root
Jul 14 08:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: Bad protocol version identification '\003' from 165.22.99.234 port 59319
Jul 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17228]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17300]: Successful su for rubyman by root
Jul 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17300]: + ??? root:rubyman
Jul 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783267 of user rubyman.
Jul 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17300]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783267.
Jul 14 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14643]: pam_unix(cron:session): session closed for user root
Jul 14 08:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17229]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Failed password for root from 182.75.216.74 port 12595 ssh2
Jul 14 08:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Received disconnect from 182.75.216.74 port 12595:11: Bye Bye [preauth]
Jul 14 08:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Disconnected from 182.75.216.74 port 12595 [preauth]
Jul 14 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16318]: pam_unix(cron:session): session closed for user root
Jul 14 08:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Connection closed by 104.152.52.217 port 54653 [preauth]
Jul 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17675]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17676]: pam_unix(cron:session): session closed for user root
Jul 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17669]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17744]: Successful su for rubyman by root
Jul 14 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17744]: + ??? root:rubyman
Jul 14 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783271 of user rubyman.
Jul 14 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17744]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783271.
Jul 14 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17671]: pam_unix(cron:session): session closed for user root
Jul 14 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15061]: pam_unix(cron:session): session closed for user root
Jul 14 08:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17670]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: Failed password for root from 182.75.216.74 port 2941 ssh2
Jul 14 08:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: Received disconnect from 182.75.216.74 port 2941:11: Bye Bye [preauth]
Jul 14 08:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: Disconnected from 182.75.216.74 port 2941 [preauth]
Jul 14 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session closed for user root
Jul 14 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: Successful su for rubyman by root
Jul 14 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: + ??? root:rubyman
Jul 14 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783277 of user rubyman.
Jul 14 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783277.
Jul 14 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15468]: pam_unix(cron:session): session closed for user root
Jul 14 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18240]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17231]: pam_unix(cron:session): session closed for user root
Jul 14 08:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18670]: Failed password for root from 182.75.216.74 port 32737 ssh2
Jul 14 08:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18670]: Received disconnect from 182.75.216.74 port 32737:11: Bye Bye [preauth]
Jul 14 08:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18670]: Disconnected from 182.75.216.74 port 32737 [preauth]
Jul 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18695]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18694]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18693]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18692]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18758]: Successful su for rubyman by root
Jul 14 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18758]: + ??? root:rubyman
Jul 14 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783281 of user rubyman.
Jul 14 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18758]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783281.
Jul 14 08:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15909]: pam_unix(cron:session): session closed for user root
Jul 14 08:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18693]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17675]: pam_unix(cron:session): session closed for user root
Jul 14 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19117]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19176]: Successful su for rubyman by root
Jul 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19176]: + ??? root:rubyman
Jul 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783287 of user rubyman.
Jul 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19176]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783287.
Jul 14 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16317]: pam_unix(cron:session): session closed for user root
Jul 14 08:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19118]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19380]: Failed password for root from 182.75.216.74 port 21712 ssh2
Jul 14 08:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19380]: Received disconnect from 182.75.216.74 port 21712:11: Bye Bye [preauth]
Jul 14 08:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19380]: Disconnected from 182.75.216.74 port 21712 [preauth]
Jul 14 08:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session closed for user root
Jul 14 08:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19505]: Invalid user hadoop from 193.32.162.141
Jul 14 08:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19505]: input_userauth_request: invalid user hadoop [preauth]
Jul 14 08:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19505]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 08:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19505]: Failed password for invalid user hadoop from 193.32.162.141 port 45432 ssh2
Jul 14 08:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19505]: Connection closed by 193.32.162.141 port 45432 [preauth]
Jul 14 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19536]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19704]: Successful su for rubyman by root
Jul 14 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19704]: + ??? root:rubyman
Jul 14 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783289 of user rubyman.
Jul 14 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19704]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783289.
Jul 14 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19534]: pam_unix(cron:session): session closed for user root
Jul 14 08:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session closed for user root
Jul 14 08:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19537]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19986]: Failed password for root from 182.75.216.74 port 36222 ssh2
Jul 14 08:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19986]: Received disconnect from 182.75.216.74 port 36222:11: Bye Bye [preauth]
Jul 14 08:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19986]: Disconnected from 182.75.216.74 port 36222 [preauth]
Jul 14 08:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18695]: pam_unix(cron:session): session closed for user root
Jul 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20089]: pam_unix(cron:session): session closed for user root
Jul 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20083]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20156]: Successful su for rubyman by root
Jul 14 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20156]: + ??? root:rubyman
Jul 14 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783294 of user rubyman.
Jul 14 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20156]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783294.
Jul 14 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session closed for user root
Jul 14 08:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17230]: pam_unix(cron:session): session closed for user root
Jul 14 08:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19120]: pam_unix(cron:session): session closed for user root
Jul 14 08:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: Failed password for root from 182.75.216.74 port 44997 ssh2
Jul 14 08:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: Received disconnect from 182.75.216.74 port 44997:11: Bye Bye [preauth]
Jul 14 08:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: Disconnected from 182.75.216.74 port 44997 [preauth]
Jul 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20534]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20602]: Successful su for rubyman by root
Jul 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20602]: + ??? root:rubyman
Jul 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783301 of user rubyman.
Jul 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20602]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783301.
Jul 14 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Did not receive identification string from 218.64.218.2
Jul 14 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.64.218.2  user=root
Jul 14 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17673]: pam_unix(cron:session): session closed for user root
Jul 14 08:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20721]: Failed password for root from 218.64.218.2 port 56282 ssh2
Jul 14 08:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20721]: Connection closed by 218.64.218.2 port 56282 [preauth]
Jul 14 08:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20535]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: Invalid user admin from 218.64.218.2
Jul 14 08:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: input_userauth_request: invalid user admin [preauth]
Jul 14 08:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.64.218.2
Jul 14 08:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: Failed password for invalid user admin from 218.64.218.2 port 44780 ssh2
Jul 14 08:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: Connection closed by 218.64.218.2 port 44780 [preauth]
Jul 14 08:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19539]: pam_unix(cron:session): session closed for user root
Jul 14 08:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: Invalid user  from 64.62.197.241
Jul 14 08:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: input_userauth_request: invalid user  [preauth]
Jul 14 08:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: Connection closed by 64.62.197.241 port 37947 [preauth]
Jul 14 08:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: Did not receive identification string from 101.168.33.77
Jul 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21032]: Successful su for rubyman by root
Jul 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21032]: + ??? root:rubyman
Jul 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783305 of user rubyman.
Jul 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21032]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783305.
Jul 14 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session closed for user root
Jul 14 08:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21286]: Failed password for root from 182.75.216.74 port 60891 ssh2
Jul 14 08:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21286]: Received disconnect from 182.75.216.74 port 60891:11: Bye Bye [preauth]
Jul 14 08:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21286]: Disconnected from 182.75.216.74 port 60891 [preauth]
Jul 14 08:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session closed for user root
Jul 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21419]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21485]: Successful su for rubyman by root
Jul 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21485]: + ??? root:rubyman
Jul 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783309 of user rubyman.
Jul 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21485]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783309.
Jul 14 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18694]: pam_unix(cron:session): session closed for user root
Jul 14 08:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21418]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20537]: pam_unix(cron:session): session closed for user root
Jul 14 08:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Failed password for root from 182.75.216.74 port 59380 ssh2
Jul 14 08:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Received disconnect from 182.75.216.74 port 59380:11: Bye Bye [preauth]
Jul 14 08:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Disconnected from 182.75.216.74 port 59380 [preauth]
Jul 14 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22182]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22273]: Successful su for rubyman by root
Jul 14 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22273]: + ??? root:rubyman
Jul 14 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783314 of user rubyman.
Jul 14 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22273]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783314.
Jul 14 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19119]: pam_unix(cron:session): session closed for user root
Jul 14 08:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22183]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session closed for user root
Jul 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22686]: pam_unix(cron:session): session closed for user root
Jul 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22680]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: Successful su for rubyman by root
Jul 14 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: + ??? root:rubyman
Jul 14 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783321 of user rubyman.
Jul 14 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783321.
Jul 14 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Failed password for root from 182.75.216.74 port 12743 ssh2
Jul 14 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Received disconnect from 182.75.216.74 port 12743:11: Bye Bye [preauth]
Jul 14 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Disconnected from 182.75.216.74 port 12743 [preauth]
Jul 14 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22682]: pam_unix(cron:session): session closed for user root
Jul 14 08:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19538]: pam_unix(cron:session): session closed for user root
Jul 14 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22681]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21420]: pam_unix(cron:session): session closed for user root
Jul 14 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23193]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23265]: Successful su for rubyman by root
Jul 14 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23265]: + ??? root:rubyman
Jul 14 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783323 of user rubyman.
Jul 14 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23265]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783323.
Jul 14 08:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20087]: pam_unix(cron:session): session closed for user root
Jul 14 08:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23194]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.216.74  user=root
Jul 14 08:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Failed password for root from 182.75.216.74 port 56855 ssh2
Jul 14 08:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Received disconnect from 182.75.216.74 port 56855:11: Bye Bye [preauth]
Jul 14 08:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Disconnected from 182.75.216.74 port 56855 [preauth]
Jul 14 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Invalid user fatima from 193.32.162.141
Jul 14 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: input_userauth_request: invalid user fatima [preauth]
Jul 14 08:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 08:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Failed password for invalid user fatima from 193.32.162.141 port 34538 ssh2
Jul 14 08:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Connection closed by 193.32.162.141 port 34538 [preauth]
Jul 14 08:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22185]: pam_unix(cron:session): session closed for user root
Jul 14 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23715]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23870]: Successful su for rubyman by root
Jul 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23870]: + ??? root:rubyman
Jul 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783327 of user rubyman.
Jul 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23870]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783327.
Jul 14 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20536]: pam_unix(cron:session): session closed for user root
Jul 14 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23716]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22684]: pam_unix(cron:session): session closed for user root
Jul 14 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24272]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24269]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24345]: Successful su for rubyman by root
Jul 14 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24345]: + ??? root:rubyman
Jul 14 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783330 of user rubyman.
Jul 14 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24345]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783330.
Jul 14 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session closed for user root
Jul 14 08:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24271]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23196]: pam_unix(cron:session): session closed for user root
Jul 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24733]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24792]: Successful su for rubyman by root
Jul 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24792]: + ??? root:rubyman
Jul 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783334 of user rubyman.
Jul 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24792]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783334.
Jul 14 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21419]: pam_unix(cron:session): session closed for user root
Jul 14 08:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24734]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23718]: pam_unix(cron:session): session closed for user root
Jul 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25153]: pam_unix(cron:session): session closed for user root
Jul 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25148]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25217]: Successful su for rubyman by root
Jul 14 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25217]: + ??? root:rubyman
Jul 14 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783340 of user rubyman.
Jul 14 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25217]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783340.
Jul 14 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25150]: pam_unix(cron:session): session closed for user root
Jul 14 08:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22184]: pam_unix(cron:session): session closed for user root
Jul 14 08:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25149]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Invalid user 1234 from 80.94.95.15
Jul 14 08:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: input_userauth_request: invalid user 1234 [preauth]
Jul 14 08:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 08:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Failed password for invalid user 1234 from 80.94.95.15 port 23766 ssh2
Jul 14 08:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Failed password for invalid user 1234 from 80.94.95.15 port 23766 ssh2
Jul 14 08:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Failed password for invalid user 1234 from 80.94.95.15 port 23766 ssh2
Jul 14 08:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24274]: pam_unix(cron:session): session closed for user root
Jul 14 08:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Failed password for invalid user 1234 from 80.94.95.15 port 23766 ssh2
Jul 14 08:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Failed password for invalid user 1234 from 80.94.95.15 port 23766 ssh2
Jul 14 08:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Received disconnect from 80.94.95.15 port 23766:11: Bye [preauth]
Jul 14 08:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Disconnected from 80.94.95.15 port 23766 [preauth]
Jul 14 08:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 08:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25630]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25727]: Successful su for rubyman by root
Jul 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25727]: + ??? root:rubyman
Jul 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783347 of user rubyman.
Jul 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25727]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783347.
Jul 14 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22683]: pam_unix(cron:session): session closed for user root
Jul 14 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25634]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24736]: pam_unix(cron:session): session closed for user root
Jul 14 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26129]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26195]: Successful su for rubyman by root
Jul 14 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26195]: + ??? root:rubyman
Jul 14 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783349 of user rubyman.
Jul 14 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26195]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783349.
Jul 14 08:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23195]: pam_unix(cron:session): session closed for user root
Jul 14 08:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26130]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25152]: pam_unix(cron:session): session closed for user root
Jul 14 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26642]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26639]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26712]: Successful su for rubyman by root
Jul 14 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26712]: + ??? root:rubyman
Jul 14 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783353 of user rubyman.
Jul 14 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26712]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783353.
Jul 14 08:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23717]: pam_unix(cron:session): session closed for user root
Jul 14 08:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26640]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25638]: pam_unix(cron:session): session closed for user root
Jul 14 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27267]: Successful su for rubyman by root
Jul 14 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27267]: + ??? root:rubyman
Jul 14 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783357 of user rubyman.
Jul 14 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27267]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783357.
Jul 14 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: Invalid user maroof from 193.32.162.141
Jul 14 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: input_userauth_request: invalid user maroof [preauth]
Jul 14 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24272]: pam_unix(cron:session): session closed for user root
Jul 14 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: Failed password for invalid user maroof from 193.32.162.141 port 51880 ssh2
Jul 14 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: Connection closed by 193.32.162.141 port 51880 [preauth]
Jul 14 08:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26133]: pam_unix(cron:session): session closed for user root
Jul 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27748]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27749]: pam_unix(cron:session): session closed for user root
Jul 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27743]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27826]: Successful su for rubyman by root
Jul 14 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27826]: + ??? root:rubyman
Jul 14 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783362 of user rubyman.
Jul 14 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27826]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783362.
Jul 14 08:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24735]: pam_unix(cron:session): session closed for user root
Jul 14 08:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27746]: pam_unix(cron:session): session closed for user root
Jul 14 08:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27744]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26642]: pam_unix(cron:session): session closed for user root
Jul 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28220]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28290]: Successful su for rubyman by root
Jul 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28290]: + ??? root:rubyman
Jul 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783366 of user rubyman.
Jul 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28290]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783366.
Jul 14 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25151]: pam_unix(cron:session): session closed for user root
Jul 14 08:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28221]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session closed for user root
Jul 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28668]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28665]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28725]: Successful su for rubyman by root
Jul 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28725]: + ??? root:rubyman
Jul 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783370 of user rubyman.
Jul 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28725]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783370.
Jul 14 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25637]: pam_unix(cron:session): session closed for user root
Jul 14 08:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28666]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27748]: pam_unix(cron:session): session closed for user root
Jul 14 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29172]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29237]: Successful su for rubyman by root
Jul 14 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29237]: + ??? root:rubyman
Jul 14 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783374 of user rubyman.
Jul 14 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29237]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783374.
Jul 14 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26132]: pam_unix(cron:session): session closed for user root
Jul 14 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28223]: pam_unix(cron:session): session closed for user root
Jul 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29609]: pam_unix(cron:session): session closed for user p13x
Jul 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29675]: Successful su for rubyman by root
Jul 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29675]: + ??? root:rubyman
Jul 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783379 of user rubyman.
Jul 14 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29675]: pam_unix(su:session): session closed for user rubyman
Jul 14 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783379.
Jul 14 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session closed for user root
Jul 14 08:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29611]: pam_unix(cron:session): session closed for user samftp
Jul 14 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28668]: pam_unix(cron:session): session closed for user root
Jul 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30043]: pam_unix(cron:session): session closed for user root
Jul 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30039]: pam_unix(cron:session): session closed for user root
Jul 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30037]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30144]: Successful su for rubyman by root
Jul 14 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30144]: + ??? root:rubyman
Jul 14 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783385 of user rubyman.
Jul 14 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30144]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783385.
Jul 14 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30040]: pam_unix(cron:session): session closed for user root
Jul 14 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27193]: pam_unix(cron:session): session closed for user root
Jul 14 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30038]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session closed for user root
Jul 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30552]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30622]: Successful su for rubyman by root
Jul 14 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30622]: + ??? root:rubyman
Jul 14 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783391 of user rubyman.
Jul 14 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30622]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783391.
Jul 14 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27747]: pam_unix(cron:session): session closed for user root
Jul 14 09:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30553]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29613]: pam_unix(cron:session): session closed for user root
Jul 14 09:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Invalid user shoaib from 193.32.162.141
Jul 14 09:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: input_userauth_request: invalid user shoaib [preauth]
Jul 14 09:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 09:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Failed password for invalid user shoaib from 193.32.162.141 port 40986 ssh2
Jul 14 09:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Connection closed by 193.32.162.141 port 40986 [preauth]
Jul 14 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31075]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31142]: Successful su for rubyman by root
Jul 14 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31142]: + ??? root:rubyman
Jul 14 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783395 of user rubyman.
Jul 14 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31142]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783395.
Jul 14 09:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28222]: pam_unix(cron:session): session closed for user root
Jul 14 09:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31076]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30042]: pam_unix(cron:session): session closed for user root
Jul 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31497]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31560]: Successful su for rubyman by root
Jul 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31560]: + ??? root:rubyman
Jul 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783397 of user rubyman.
Jul 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31560]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783397.
Jul 14 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28667]: pam_unix(cron:session): session closed for user root
Jul 14 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31498]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30555]: pam_unix(cron:session): session closed for user root
Jul 14 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32306]: Successful su for rubyman by root
Jul 14 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32306]: + ??? root:rubyman
Jul 14 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783404 of user rubyman.
Jul 14 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32306]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783404.
Jul 14 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29175]: pam_unix(cron:session): session closed for user root
Jul 14 09:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32066]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31081]: pam_unix(cron:session): session closed for user root
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session closed for user root
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[328]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[444]: Successful su for rubyman by root
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[444]: + ??? root:rubyman
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783409 of user rubyman.
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[444]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783409.
Jul 14 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[331]: pam_unix(cron:session): session closed for user root
Jul 14 09:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29612]: pam_unix(cron:session): session closed for user root
Jul 14 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[422]: Failed password for root from 193.32.162.157 port 38208 ssh2
Jul 14 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[422]: Connection closed by 193.32.162.157 port 38208 [preauth]
Jul 14 09:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[329]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: Failed password for root from 193.32.162.157 port 61124 ssh2
Jul 14 09:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: Connection closed by 193.32.162.157 port 61124 [preauth]
Jul 14 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31500]: pam_unix(cron:session): session closed for user root
Jul 14 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: Failed password for root from 193.32.162.157 port 36662 ssh2
Jul 14 09:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: Connection closed by 193.32.162.157 port 36662 [preauth]
Jul 14 09:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[911]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1009]: Successful su for rubyman by root
Jul 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1009]: + ??? root:rubyman
Jul 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783412 of user rubyman.
Jul 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1009]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783412.
Jul 14 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30041]: pam_unix(cron:session): session closed for user root
Jul 14 09:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[912]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Failed password for root from 193.32.162.157 port 32740 ssh2
Jul 14 09:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Connection closed by 193.32.162.157 port 32740 [preauth]
Jul 14 09:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: Did not receive identification string from 80.94.92.103
Jul 14 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32070]: pam_unix(cron:session): session closed for user root
Jul 14 09:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: Failed password for root from 193.32.162.157 port 27840 ssh2
Jul 14 09:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: Connection closed by 193.32.162.157 port 27840 [preauth]
Jul 14 09:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Failed password for root from 193.32.162.157 port 37858 ssh2
Jul 14 09:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Connection closed by 193.32.162.157 port 37858 [preauth]
Jul 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1425]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1520]: Successful su for rubyman by root
Jul 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1520]: + ??? root:rubyman
Jul 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783415 of user rubyman.
Jul 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1520]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783415.
Jul 14 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30554]: pam_unix(cron:session): session closed for user root
Jul 14 09:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Jul 14 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: Failed password for root from 164.68.105.9 port 46328 ssh2
Jul 14 09:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: Connection closed by 164.68.105.9 port 46328 [preauth]
Jul 14 09:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Failed password for root from 193.32.162.157 port 39222 ssh2
Jul 14 09:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Connection closed by 193.32.162.157 port 39222 [preauth]
Jul 14 09:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session closed for user root
Jul 14 09:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: Failed password for root from 193.32.162.157 port 38704 ssh2
Jul 14 09:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: Connection closed by 193.32.162.157 port 38704 [preauth]
Jul 14 09:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2032]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2097]: Successful su for rubyman by root
Jul 14 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2097]: + ??? root:rubyman
Jul 14 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783421 of user rubyman.
Jul 14 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2097]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783421.
Jul 14 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31080]: pam_unix(cron:session): session closed for user root
Jul 14 09:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: Failed password for root from 193.32.162.157 port 27974 ssh2
Jul 14 09:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: Connection closed by 193.32.162.157 port 27974 [preauth]
Jul 14 09:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Failed password for root from 193.32.162.157 port 24968 ssh2
Jul 14 09:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Connection closed by 193.32.162.157 port 24968 [preauth]
Jul 14 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[914]: pam_unix(cron:session): session closed for user root
Jul 14 09:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2397]: Failed password for root from 193.32.162.157 port 2134 ssh2
Jul 14 09:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2397]: Connection closed by 193.32.162.157 port 2134 [preauth]
Jul 14 09:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Failed password for root from 193.32.162.157 port 21678 ssh2
Jul 14 09:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Connection closed by 193.32.162.157 port 21678 [preauth]
Jul 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2472]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2631]: Successful su for rubyman by root
Jul 14 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2631]: + ??? root:rubyman
Jul 14 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783424 of user rubyman.
Jul 14 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2631]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783424.
Jul 14 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2470]: pam_unix(cron:session): session closed for user root
Jul 14 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session closed for user root
Jul 14 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2473]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: Failed password for root from 193.32.162.157 port 4836 ssh2
Jul 14 09:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: Connection closed by 193.32.162.157 port 4836 [preauth]
Jul 14 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: Invalid user vr from 193.32.162.141
Jul 14 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: input_userauth_request: invalid user vr [preauth]
Jul 14 09:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 09:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: Failed password for invalid user vr from 193.32.162.141 port 58328 ssh2
Jul 14 09:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: Connection closed by 193.32.162.141 port 58328 [preauth]
Jul 14 09:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1457]: pam_unix(cron:session): session closed for user root
Jul 14 09:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Failed password for root from 193.32.162.157 port 46706 ssh2
Jul 14 09:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Connection closed by 193.32.162.157 port 46706 [preauth]
Jul 14 09:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3041]: pam_unix(cron:session): session closed for user root
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3107]: Successful su for rubyman by root
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3107]: + ??? root:rubyman
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783428 of user rubyman.
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3107]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783428.
Jul 14 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3037]: pam_unix(cron:session): session closed for user root
Jul 14 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32069]: pam_unix(cron:session): session closed for user root
Jul 14 09:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: Failed password for root from 193.32.162.157 port 30372 ssh2
Jul 14 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: Connection closed by 193.32.162.157 port 30372 [preauth]
Jul 14 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: fatal: Unable to negotiate with 114.67.80.147 port 60224: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 09:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3437]: fatal: Unable to negotiate with 114.67.80.147 port 60334: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 09:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: fatal: Unable to negotiate with 114.67.80.147 port 60428: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 09:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: fatal: Unable to negotiate with 114.67.80.147 port 60544: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 09:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: Failed password for root from 193.32.162.157 port 6648 ssh2
Jul 14 09:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: Connection closed by 193.32.162.157 port 6648 [preauth]
Jul 14 09:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2035]: pam_unix(cron:session): session closed for user root
Jul 14 09:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: Failed password for root from 193.32.162.157 port 2768 ssh2
Jul 14 09:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: Connection closed by 193.32.162.157 port 2768 [preauth]
Jul 14 09:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3543]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3646]: Successful su for rubyman by root
Jul 14 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3646]: + ??? root:rubyman
Jul 14 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783434 of user rubyman.
Jul 14 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3646]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783434.
Jul 14 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session closed for user root
Jul 14 09:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3546]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: Failed password for root from 193.32.162.157 port 59014 ssh2
Jul 14 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: Connection closed by 193.32.162.157 port 59014 [preauth]
Jul 14 09:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3881]: Failed password for root from 193.32.162.157 port 33790 ssh2
Jul 14 09:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3881]: Connection closed by 193.32.162.157 port 33790 [preauth]
Jul 14 09:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2476]: pam_unix(cron:session): session closed for user root
Jul 14 09:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: Failed password for root from 193.32.162.157 port 27846 ssh2
Jul 14 09:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: Connection closed by 193.32.162.157 port 27846 [preauth]
Jul 14 09:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4083]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4080]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4146]: Successful su for rubyman by root
Jul 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4146]: + ??? root:rubyman
Jul 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783440 of user rubyman.
Jul 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4146]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783440.
Jul 14 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: Failed password for root from 193.32.162.157 port 40806 ssh2
Jul 14 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: Connection closed by 193.32.162.157 port 40806 [preauth]
Jul 14 09:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[913]: pam_unix(cron:session): session closed for user root
Jul 14 09:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4081]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Failed password for root from 193.32.162.157 port 11668 ssh2
Jul 14 09:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Connection closed by 193.32.162.157 port 11668 [preauth]
Jul 14 09:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3040]: pam_unix(cron:session): session closed for user root
Jul 14 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Failed password for root from 193.32.162.157 port 50422 ssh2
Jul 14 09:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Connection closed by 193.32.162.157 port 50422 [preauth]
Jul 14 09:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4763]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4839]: Successful su for rubyman by root
Jul 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4839]: + ??? root:rubyman
Jul 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783442 of user rubyman.
Jul 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4839]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783442.
Jul 14 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session closed for user root
Jul 14 09:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4766]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: Failed password for root from 193.32.162.157 port 36382 ssh2
Jul 14 09:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: Connection closed by 193.32.162.157 port 36382 [preauth]
Jul 14 09:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3548]: pam_unix(cron:session): session closed for user root
Jul 14 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Failed password for root from 193.32.162.157 port 50998 ssh2
Jul 14 09:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Invalid user osvaldo from 80.94.95.15
Jul 14 09:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: input_userauth_request: invalid user osvaldo [preauth]
Jul 14 09:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 09:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Connection closed by 193.32.162.157 port 50998 [preauth]
Jul 14 09:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Failed password for invalid user osvaldo from 80.94.95.15 port 29780 ssh2
Jul 14 09:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Failed password for invalid user osvaldo from 80.94.95.15 port 29780 ssh2
Jul 14 09:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Failed password for invalid user osvaldo from 80.94.95.15 port 29780 ssh2
Jul 14 09:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Failed password for invalid user osvaldo from 80.94.95.15 port 29780 ssh2
Jul 14 09:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Failed password for invalid user osvaldo from 80.94.95.15 port 29780 ssh2
Jul 14 09:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Received disconnect from 80.94.95.15 port 29780:11: Bye [preauth]
Jul 14 09:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Disconnected from 80.94.95.15 port 29780 [preauth]
Jul 14 09:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 09:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 09:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5372]: Failed password for root from 193.32.162.157 port 39460 ssh2
Jul 14 09:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5372]: Connection closed by 193.32.162.157 port 39460 [preauth]
Jul 14 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5428]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5509]: Successful su for rubyman by root
Jul 14 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5509]: + ??? root:rubyman
Jul 14 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783446 of user rubyman.
Jul 14 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5509]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783446.
Jul 14 09:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session closed for user root
Jul 14 09:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5430]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: Failed password for root from 193.32.162.157 port 46210 ssh2
Jul 14 09:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: Connection closed by 193.32.162.157 port 46210 [preauth]
Jul 14 09:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: Failed password for root from 193.32.162.157 port 30984 ssh2
Jul 14 09:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: Connection closed by 193.32.162.157 port 30984 [preauth]
Jul 14 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4083]: pam_unix(cron:session): session closed for user root
Jul 14 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Failed password for root from 193.32.162.157 port 53598 ssh2
Jul 14 09:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Connection closed by 193.32.162.157 port 53598 [preauth]
Jul 14 09:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session closed for user root
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6111]: Successful su for rubyman by root
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6111]: + ??? root:rubyman
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783450 of user rubyman.
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6111]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783450.
Jul 14 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6026]: pam_unix(cron:session): session closed for user root
Jul 14 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2474]: pam_unix(cron:session): session closed for user root
Jul 14 09:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: Failed password for root from 193.32.162.157 port 62914 ssh2
Jul 14 09:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: Connection closed by 193.32.162.157 port 62914 [preauth]
Jul 14 09:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.105.135  user=root
Jul 14 09:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Failed password for root from 47.243.105.135 port 39686 ssh2
Jul 14 09:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Connection closed by 47.243.105.135 port 39686 [preauth]
Jul 14 09:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: Failed password for root from 193.32.162.157 port 42304 ssh2
Jul 14 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: Connection closed by 193.32.162.157 port 42304 [preauth]
Jul 14 09:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4768]: pam_unix(cron:session): session closed for user root
Jul 14 09:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: Failed password for root from 193.32.162.157 port 56900 ssh2
Jul 14 09:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: Connection closed by 193.32.162.157 port 56900 [preauth]
Jul 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6508]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6576]: Successful su for rubyman by root
Jul 14 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6576]: + ??? root:rubyman
Jul 14 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783457 of user rubyman.
Jul 14 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6576]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783457.
Jul 14 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3038]: pam_unix(cron:session): session closed for user root
Jul 14 09:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6509]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: Failed password for root from 193.32.162.157 port 61716 ssh2
Jul 14 09:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: Connection closed by 193.32.162.157 port 61716 [preauth]
Jul 14 09:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5433]: pam_unix(cron:session): session closed for user root
Jul 14 09:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Failed password for root from 193.32.162.157 port 56418 ssh2
Jul 14 09:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Connection closed by 193.32.162.157 port 56418 [preauth]
Jul 14 09:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7004]: Failed password for root from 193.32.162.157 port 13272 ssh2
Jul 14 09:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7004]: Connection closed by 193.32.162.157 port 13272 [preauth]
Jul 14 09:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: Invalid user vr from 193.32.162.141
Jul 14 09:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: input_userauth_request: invalid user vr [preauth]
Jul 14 09:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 09:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: Failed password for invalid user vr from 193.32.162.141 port 47438 ssh2
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: Connection closed by 193.32.162.141 port 47438 [preauth]
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7040]: pam_unix(cron:session): session closed for user root
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7042]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7130]: Successful su for rubyman by root
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7130]: + ??? root:rubyman
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783460 of user rubyman.
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7130]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783460.
Jul 14 09:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3547]: pam_unix(cron:session): session closed for user root
Jul 14 09:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7046]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Failed password for root from 193.32.162.157 port 56272 ssh2
Jul 14 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Connection closed by 193.32.162.157 port 56272 [preauth]
Jul 14 09:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7370]: Failed password for root from 193.32.162.157 port 4800 ssh2
Jul 14 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7370]: Connection closed by 193.32.162.157 port 4800 [preauth]
Jul 14 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6029]: pam_unix(cron:session): session closed for user root
Jul 14 09:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Failed password for root from 193.32.162.157 port 30448 ssh2
Jul 14 09:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Connection closed by 193.32.162.157 port 30448 [preauth]
Jul 14 09:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: Invalid user oracle from 47.243.105.135
Jul 14 09:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: input_userauth_request: invalid user oracle [preauth]
Jul 14 09:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.105.135
Jul 14 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7611]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: Failed password for invalid user oracle from 47.243.105.135 port 55214 ssh2
Jul 14 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: Connection closed by 47.243.105.135 port 55214 [preauth]
Jul 14 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7686]: Successful su for rubyman by root
Jul 14 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7686]: + ??? root:rubyman
Jul 14 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783466 of user rubyman.
Jul 14 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7686]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783466.
Jul 14 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4082]: pam_unix(cron:session): session closed for user root
Jul 14 09:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7612]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Failed password for root from 193.32.162.157 port 21230 ssh2
Jul 14 09:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Connection closed by 193.32.162.157 port 21230 [preauth]
Jul 14 09:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6511]: pam_unix(cron:session): session closed for user root
Jul 14 09:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: Failed password for root from 193.32.162.157 port 33912 ssh2
Jul 14 09:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: Connection closed by 193.32.162.157 port 33912 [preauth]
Jul 14 09:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Failed password for root from 193.32.162.157 port 16244 ssh2
Jul 14 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8063]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8250]: Successful su for rubyman by root
Jul 14 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8250]: + ??? root:rubyman
Jul 14 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783470 of user rubyman.
Jul 14 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8250]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783470.
Jul 14 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Connection closed by 193.32.162.157 port 16244 [preauth]
Jul 14 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4767]: pam_unix(cron:session): session closed for user root
Jul 14 09:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8064]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Failed password for root from 193.32.162.157 port 20874 ssh2
Jul 14 09:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Connection closed by 193.32.162.157 port 20874 [preauth]
Jul 14 09:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7049]: pam_unix(cron:session): session closed for user root
Jul 14 09:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Failed password for root from 193.32.162.157 port 16952 ssh2
Jul 14 09:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Connection closed by 193.32.162.157 port 16952 [preauth]
Jul 14 09:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8633]: Failed password for root from 193.32.162.157 port 23252 ssh2
Jul 14 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8633]: Connection closed by 193.32.162.157 port 23252 [preauth]
Jul 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8665]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8668]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8668]: pam_unix(cron:session): session closed for user root
Jul 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8661]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8750]: Successful su for rubyman by root
Jul 14 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8750]: + ??? root:rubyman
Jul 14 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783474 of user rubyman.
Jul 14 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8750]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783474.
Jul 14 09:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5431]: pam_unix(cron:session): session closed for user root
Jul 14 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8663]: pam_unix(cron:session): session closed for user root
Jul 14 09:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8662]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Jul 14 09:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8656]: Failed password for root from 193.32.162.157 port 18960 ssh2
Jul 14 09:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8656]: Connection closed by 193.32.162.157 port 18960 [preauth]
Jul 14 09:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session closed for user root
Jul 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9226]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9331]: Successful su for rubyman by root
Jul 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9331]: + ??? root:rubyman
Jul 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783481 of user rubyman.
Jul 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9331]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783481.
Jul 14 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6028]: pam_unix(cron:session): session closed for user root
Jul 14 09:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9228]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8066]: pam_unix(cron:session): session closed for user root
Jul 14 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9679]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9750]: Successful su for rubyman by root
Jul 14 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9750]: + ??? root:rubyman
Jul 14 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783483 of user rubyman.
Jul 14 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9750]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783483.
Jul 14 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6510]: pam_unix(cron:session): session closed for user root
Jul 14 09:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9680]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8665]: pam_unix(cron:session): session closed for user root
Jul 14 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10102]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10165]: Successful su for rubyman by root
Jul 14 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10165]: + ??? root:rubyman
Jul 14 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783488 of user rubyman.
Jul 14 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10165]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783488.
Jul 14 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7048]: pam_unix(cron:session): session closed for user root
Jul 14 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10103]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9230]: pam_unix(cron:session): session closed for user root
Jul 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10639]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10744]: Successful su for rubyman by root
Jul 14 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10744]: + ??? root:rubyman
Jul 14 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783491 of user rubyman.
Jul 14 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10744]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783491.
Jul 14 09:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7613]: pam_unix(cron:session): session closed for user root
Jul 14 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10640]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9683]: pam_unix(cron:session): session closed for user root
Jul 14 09:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11028]: Invalid user vr from 193.32.162.141
Jul 14 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11028]: input_userauth_request: invalid user vr [preauth]
Jul 14 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11028]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 09:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11028]: Failed password for invalid user vr from 193.32.162.141 port 36548 ssh2
Jul 14 09:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11028]: Connection closed by 193.32.162.141 port 36548 [preauth]
Jul 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11088]: pam_unix(cron:session): session closed for user root
Jul 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11157]: Successful su for rubyman by root
Jul 14 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11157]: + ??? root:rubyman
Jul 14 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783495 of user rubyman.
Jul 14 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11157]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783495.
Jul 14 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11085]: pam_unix(cron:session): session closed for user root
Jul 14 09:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8065]: pam_unix(cron:session): session closed for user root
Jul 14 09:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11083]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10105]: pam_unix(cron:session): session closed for user root
Jul 14 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11526]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11599]: Successful su for rubyman by root
Jul 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11599]: + ??? root:rubyman
Jul 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783503 of user rubyman.
Jul 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11599]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783503.
Jul 14 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8664]: pam_unix(cron:session): session closed for user root
Jul 14 09:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11527]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10643]: pam_unix(cron:session): session closed for user root
Jul 14 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11958]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11957]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12017]: Successful su for rubyman by root
Jul 14 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12017]: + ??? root:rubyman
Jul 14 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783505 of user rubyman.
Jul 14 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12017]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783505.
Jul 14 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9229]: pam_unix(cron:session): session closed for user root
Jul 14 09:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11958]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11087]: pam_unix(cron:session): session closed for user root
Jul 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12384]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12474]: Successful su for rubyman by root
Jul 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12474]: + ??? root:rubyman
Jul 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783510 of user rubyman.
Jul 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12474]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783510.
Jul 14 09:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9681]: pam_unix(cron:session): session closed for user root
Jul 14 09:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12385]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11530]: pam_unix(cron:session): session closed for user root
Jul 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12866]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12861]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12861]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12932]: Successful su for rubyman by root
Jul 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12932]: + ??? root:rubyman
Jul 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783515 of user rubyman.
Jul 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12932]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783515.
Jul 14 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10104]: pam_unix(cron:session): session closed for user root
Jul 14 09:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12864]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11960]: pam_unix(cron:session): session closed for user root
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13331]: pam_unix(cron:session): session closed for user root
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13324]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13398]: Successful su for rubyman by root
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13398]: + ??? root:rubyman
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783520 of user rubyman.
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13398]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783520.
Jul 14 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13327]: pam_unix(cron:session): session closed for user root
Jul 14 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10641]: pam_unix(cron:session): session closed for user root
Jul 14 09:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13326]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12387]: pam_unix(cron:session): session closed for user root
Jul 14 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13876]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13944]: Successful su for rubyman by root
Jul 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13944]: + ??? root:rubyman
Jul 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783524 of user rubyman.
Jul 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13944]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783524.
Jul 14 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11086]: pam_unix(cron:session): session closed for user root
Jul 14 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13877]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12866]: pam_unix(cron:session): session closed for user root
Jul 14 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: Did not receive identification string from 14.103.170.189
Jul 14 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14291]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14289]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14292]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14289]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14351]: Successful su for rubyman by root
Jul 14 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14351]: + ??? root:rubyman
Jul 14 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783529 of user rubyman.
Jul 14 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14351]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783529.
Jul 14 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Failed password for root from 14.103.170.189 port 36686 ssh2
Jul 14 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Connection closed by 14.103.170.189 port 36686 [preauth]
Jul 14 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11528]: pam_unix(cron:session): session closed for user root
Jul 14 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14290]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: Invalid user vr from 193.32.162.141
Jul 14 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: input_userauth_request: invalid user vr [preauth]
Jul 14 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: Failed password for invalid user vr from 193.32.162.141 port 53888 ssh2
Jul 14 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: Connection closed by 193.32.162.141 port 53888 [preauth]
Jul 14 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13330]: pam_unix(cron:session): session closed for user root
Jul 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14707]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14769]: Successful su for rubyman by root
Jul 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14769]: + ??? root:rubyman
Jul 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783531 of user rubyman.
Jul 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14769]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783531.
Jul 14 09:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11959]: pam_unix(cron:session): session closed for user root
Jul 14 09:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14708]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13879]: pam_unix(cron:session): session closed for user root
Jul 14 09:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: Failed password for root from 14.103.170.189 port 36700 ssh2
Jul 14 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: Connection closed by 14.103.170.189 port 36700 [preauth]
Jul 14 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: Failed password for root from 14.103.170.189 port 49898 ssh2
Jul 14 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: Connection closed by 14.103.170.189 port 49898 [preauth]
Jul 14 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15101]: Failed password for root from 14.103.170.189 port 43010 ssh2
Jul 14 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15101]: Connection closed by 14.103.170.189 port 43010 [preauth]
Jul 14 09:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15105]: Failed password for root from 14.103.170.189 port 43020 ssh2
Jul 14 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15105]: Connection closed by 14.103.170.189 port 43020 [preauth]
Jul 14 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15119]: Failed password for root from 14.103.170.189 port 13100 ssh2
Jul 14 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15119]: Connection closed by 14.103.170.189 port 13100 [preauth]
Jul 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15134]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15189]: Successful su for rubyman by root
Jul 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15189]: + ??? root:rubyman
Jul 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783537 of user rubyman.
Jul 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15189]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783537.
Jul 14 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12386]: pam_unix(cron:session): session closed for user root
Jul 14 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: Failed password for root from 14.103.170.189 port 13136 ssh2
Jul 14 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: Connection closed by 14.103.170.189 port 13136 [preauth]
Jul 14 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Failed password for root from 14.103.170.189 port 17218 ssh2
Jul 14 09:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Connection closed by 14.103.170.189 port 17218 [preauth]
Jul 14 09:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15398]: Failed password for root from 14.103.170.189 port 17228 ssh2
Jul 14 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15398]: Connection closed by 14.103.170.189 port 17228 [preauth]
Jul 14 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Failed password for root from 14.103.170.189 port 64984 ssh2
Jul 14 09:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Connection closed by 14.103.170.189 port 64984 [preauth]
Jul 14 09:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: Failed password for root from 14.103.170.189 port 64992 ssh2
Jul 14 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: Connection closed by 14.103.170.189 port 64992 [preauth]
Jul 14 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: Failed password for root from 14.103.170.189 port 52932 ssh2
Jul 14 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: Connection closed by 14.103.170.189 port 52932 [preauth]
Jul 14 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Failed password for root from 14.103.170.189 port 52948 ssh2
Jul 14 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Connection closed by 14.103.170.189 port 52948 [preauth]
Jul 14 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Jul 14 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14292]: pam_unix(cron:session): session closed for user root
Jul 14 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15480]: Failed password for root from 164.68.105.9 port 51824 ssh2
Jul 14 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Failed password for root from 14.103.170.189 port 52950 ssh2
Jul 14 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Connection closed by 14.103.170.189 port 52950 [preauth]
Jul 14 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15480]: Connection closed by 164.68.105.9 port 51824 [preauth]
Jul 14 09:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: Failed password for root from 14.103.170.189 port 51250 ssh2
Jul 14 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: Connection closed by 14.103.170.189 port 51250 [preauth]
Jul 14 09:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: Failed password for root from 14.103.170.189 port 59710 ssh2
Jul 14 09:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: Connection closed by 14.103.170.189 port 59710 [preauth]
Jul 14 09:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: Failed password for root from 14.103.170.189 port 59722 ssh2
Jul 14 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: Connection closed by 14.103.170.189 port 59722 [preauth]
Jul 14 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15543]: Failed password for root from 14.103.170.189 port 59726 ssh2
Jul 14 09:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15543]: Connection closed by 14.103.170.189 port 59726 [preauth]
Jul 14 09:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15568]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15572]: pam_unix(cron:session): session closed for user root
Jul 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15565]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15636]: Successful su for rubyman by root
Jul 14 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15636]: + ??? root:rubyman
Jul 14 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783539 of user rubyman.
Jul 14 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15636]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783539.
Jul 14 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: Failed password for root from 14.103.170.189 port 24764 ssh2
Jul 14 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: Connection closed by 14.103.170.189 port 24764 [preauth]
Jul 14 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12865]: pam_unix(cron:session): session closed for user root
Jul 14 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15568]: pam_unix(cron:session): session closed for user root
Jul 14 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15567]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: Failed password for root from 14.103.170.189 port 24766 ssh2
Jul 14 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: Connection closed by 14.103.170.189 port 24766 [preauth]
Jul 14 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Failed password for root from 14.103.170.189 port 38972 ssh2
Jul 14 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Connection closed by 14.103.170.189 port 38972 [preauth]
Jul 14 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: Failed password for root from 14.103.170.189 port 21782 ssh2
Jul 14 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: Connection closed by 14.103.170.189 port 21782 [preauth]
Jul 14 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: Failed password for root from 14.103.170.189 port 21792 ssh2
Jul 14 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: Connection closed by 14.103.170.189 port 21792 [preauth]
Jul 14 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: Failed password for root from 14.103.170.189 port 41608 ssh2
Jul 14 09:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: Connection closed by 14.103.170.189 port 41608 [preauth]
Jul 14 09:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: Failed password for root from 14.103.170.189 port 41622 ssh2
Jul 14 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: Connection closed by 14.103.170.189 port 41622 [preauth]
Jul 14 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14710]: pam_unix(cron:session): session closed for user root
Jul 14 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: Failed password for root from 14.103.170.189 port 37132 ssh2
Jul 14 09:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: Connection closed by 14.103.170.189 port 37132 [preauth]
Jul 14 09:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: Failed password for root from 14.103.170.189 port 37142 ssh2
Jul 14 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: Connection closed by 14.103.170.189 port 37142 [preauth]
Jul 14 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Invalid user sophia from 46.101.170.54
Jul 14 09:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: input_userauth_request: invalid user sophia [preauth]
Jul 14 09:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Jul 14 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: Failed password for root from 14.103.170.189 port 22550 ssh2
Jul 14 09:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Failed password for invalid user sophia from 46.101.170.54 port 46236 ssh2
Jul 14 09:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: Connection closed by 14.103.170.189 port 22550 [preauth]
Jul 14 09:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Connection closed by 46.101.170.54 port 46236 [preauth]
Jul 14 09:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16015]: Failed password for root from 14.103.170.189 port 20180 ssh2
Jul 14 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16015]: Connection closed by 14.103.170.189 port 20180 [preauth]
Jul 14 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16029]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16098]: Successful su for rubyman by root
Jul 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16098]: + ??? root:rubyman
Jul 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783545 of user rubyman.
Jul 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16098]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783545.
Jul 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16025]: Failed password for root from 14.103.170.189 port 20190 ssh2
Jul 14 09:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16025]: Connection closed by 14.103.170.189 port 20190 [preauth]
Jul 14 09:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13329]: pam_unix(cron:session): session closed for user root
Jul 14 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16167]: Failed password for root from 14.103.170.189 port 20200 ssh2
Jul 14 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16167]: Connection closed by 14.103.170.189 port 20200 [preauth]
Jul 14 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16030]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16277]: Failed password for root from 14.103.170.189 port 44068 ssh2
Jul 14 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16277]: Connection closed by 14.103.170.189 port 44068 [preauth]
Jul 14 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: Failed password for root from 14.103.170.189 port 44076 ssh2
Jul 14 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: Connection closed by 14.103.170.189 port 44076 [preauth]
Jul 14 09:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Failed password for root from 14.103.170.189 port 44084 ssh2
Jul 14 09:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Connection closed by 14.103.170.189 port 44084 [preauth]
Jul 14 09:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: Failed password for root from 14.103.170.189 port 17898 ssh2
Jul 14 09:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: Connection closed by 14.103.170.189 port 17898 [preauth]
Jul 14 09:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16339]: Failed password for root from 14.103.170.189 port 17906 ssh2
Jul 14 09:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16339]: Connection closed by 14.103.170.189 port 17906 [preauth]
Jul 14 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16353]: Failed password for root from 14.103.170.189 port 17922 ssh2
Jul 14 09:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16353]: Connection closed by 14.103.170.189 port 17922 [preauth]
Jul 14 09:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Failed password for root from 14.103.170.189 port 23218 ssh2
Jul 14 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Connection closed by 14.103.170.189 port 23218 [preauth]
Jul 14 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15134]: pam_unix(cron:session): session closed for user root
Jul 14 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: Failed password for root from 14.103.170.189 port 23222 ssh2
Jul 14 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: Connection closed by 14.103.170.189 port 23222 [preauth]
Jul 14 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16403]: Failed password for root from 14.103.170.189 port 33490 ssh2
Jul 14 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16403]: Connection closed by 14.103.170.189 port 33490 [preauth]
Jul 14 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Failed password for root from 14.103.170.189 port 33500 ssh2
Jul 14 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Connection closed by 14.103.170.189 port 33500 [preauth]
Jul 14 09:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: Failed password for root from 14.103.170.189 port 33516 ssh2
Jul 14 09:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: Connection closed by 14.103.170.189 port 33516 [preauth]
Jul 14 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: Failed password for root from 14.103.170.189 port 17158 ssh2
Jul 14 09:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: Connection closed by 14.103.170.189 port 17158 [preauth]
Jul 14 09:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16457]: Failed password for root from 14.103.170.189 port 17170 ssh2
Jul 14 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Failed password for root from 14.103.170.189 port 48138 ssh2
Jul 14 09:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Connection closed by 14.103.170.189 port 48138 [preauth]
Jul 14 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16498]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16577]: Successful su for rubyman by root
Jul 14 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16577]: + ??? root:rubyman
Jul 14 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783550 of user rubyman.
Jul 14 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16577]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783550.
Jul 14 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Failed password for root from 14.103.170.189 port 48160 ssh2
Jul 14 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Connection closed by 14.103.170.189 port 48160 [preauth]
Jul 14 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session closed for user root
Jul 14 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: Failed password for root from 14.103.170.189 port 48176 ssh2
Jul 14 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: Connection closed by 14.103.170.189 port 48176 [preauth]
Jul 14 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16499]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: Failed password for root from 14.103.170.189 port 25498 ssh2
Jul 14 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: Connection closed by 14.103.170.189 port 25498 [preauth]
Jul 14 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Failed password for root from 14.103.170.189 port 25500 ssh2
Jul 14 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Connection closed by 14.103.170.189 port 25500 [preauth]
Jul 14 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16815]: Failed password for root from 14.103.170.189 port 25508 ssh2
Jul 14 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16815]: Connection closed by 14.103.170.189 port 25508 [preauth]
Jul 14 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Failed password for root from 14.103.170.189 port 60268 ssh2
Jul 14 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Connection closed by 14.103.170.189 port 60268 [preauth]
Jul 14 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16850]: Failed password for root from 14.103.170.189 port 60278 ssh2
Jul 14 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16850]: Connection closed by 14.103.170.189 port 60278 [preauth]
Jul 14 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15571]: pam_unix(cron:session): session closed for user root
Jul 14 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16852]: Failed password for root from 14.103.170.189 port 60282 ssh2
Jul 14 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16852]: Connection closed by 14.103.170.189 port 60282 [preauth]
Jul 14 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Failed password for root from 14.103.170.189 port 40698 ssh2
Jul 14 09:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Connection closed by 14.103.170.189 port 40698 [preauth]
Jul 14 09:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: Failed password for root from 14.103.170.189 port 22340 ssh2
Jul 14 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: Connection closed by 14.103.170.189 port 22340 [preauth]
Jul 14 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16980]: Failed password for root from 14.103.170.189 port 22354 ssh2
Jul 14 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16980]: Connection closed by 14.103.170.189 port 22354 [preauth]
Jul 14 09:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Failed password for root from 14.103.170.189 port 22360 ssh2
Jul 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17066]: Successful su for rubyman by root
Jul 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17066]: + ??? root:rubyman
Jul 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783553 of user rubyman.
Jul 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17066]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783553.
Jul 14 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Connection closed by 14.103.170.189 port 22360 [preauth]
Jul 14 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14291]: pam_unix(cron:session): session closed for user root
Jul 14 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Failed password for root from 14.103.170.189 port 57212 ssh2
Jul 14 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Connection closed by 14.103.170.189 port 57212 [preauth]
Jul 14 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17005]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Failed password for root from 14.103.170.189 port 48194 ssh2
Jul 14 09:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Connection closed by 14.103.170.189 port 48194 [preauth]
Jul 14 09:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: Failed password for root from 14.103.170.189 port 48208 ssh2
Jul 14 09:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: Connection closed by 14.103.170.189 port 48208 [preauth]
Jul 14 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17314]: Failed password for root from 14.103.170.189 port 26198 ssh2
Jul 14 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17314]: Connection closed by 14.103.170.189 port 26198 [preauth]
Jul 14 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: Failed password for root from 14.103.170.189 port 26204 ssh2
Jul 14 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: Connection closed by 14.103.170.189 port 26204 [preauth]
Jul 14 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17343]: Failed password for root from 14.103.170.189 port 56458 ssh2
Jul 14 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17343]: Connection closed by 14.103.170.189 port 56458 [preauth]
Jul 14 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: Failed password for root from 14.103.170.189 port 56476 ssh2
Jul 14 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: Connection closed by 14.103.170.189 port 56476 [preauth]
Jul 14 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16032]: pam_unix(cron:session): session closed for user root
Jul 14 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Failed password for root from 14.103.170.189 port 56478 ssh2
Jul 14 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Connection closed by 14.103.170.189 port 56478 [preauth]
Jul 14 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17393]: Failed password for root from 14.103.170.189 port 57060 ssh2
Jul 14 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17393]: Connection closed by 14.103.170.189 port 57060 [preauth]
Jul 14 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: Failed password for root from 14.103.170.189 port 57066 ssh2
Jul 14 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: Connection closed by 14.103.170.189 port 57066 [preauth]
Jul 14 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: Failed password for root from 14.103.170.189 port 57078 ssh2
Jul 14 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: Connection closed by 14.103.170.189 port 57078 [preauth]
Jul 14 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Failed password for root from 14.103.170.189 port 22864 ssh2
Jul 14 09:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Connection closed by 14.103.170.189 port 22864 [preauth]
Jul 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17457]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17615]: Successful su for rubyman by root
Jul 14 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17615]: + ??? root:rubyman
Jul 14 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783559 of user rubyman.
Jul 14 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17615]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783559.
Jul 14 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17455]: pam_unix(cron:session): session closed for user root
Jul 14 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: Failed password for root from 14.103.170.189 port 12082 ssh2
Jul 14 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: Connection closed by 14.103.170.189 port 12082 [preauth]
Jul 14 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14709]: pam_unix(cron:session): session closed for user root
Jul 14 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Failed password for root from 14.103.170.189 port 12092 ssh2
Jul 14 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Connection closed by 14.103.170.189 port 12092 [preauth]
Jul 14 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17458]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: Failed password for root from 14.103.170.189 port 18004 ssh2
Jul 14 09:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: Connection closed by 14.103.170.189 port 18004 [preauth]
Jul 14 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: Failed password for root from 14.103.170.189 port 18014 ssh2
Jul 14 09:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: Connection closed by 14.103.170.189 port 18014 [preauth]
Jul 14 09:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17982]: Failed password for root from 14.103.170.189 port 63752 ssh2
Jul 14 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17982]: Connection closed by 14.103.170.189 port 63752 [preauth]
Jul 14 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: Failed password for root from 14.103.170.189 port 25068 ssh2
Jul 14 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: Connection closed by 14.103.170.189 port 25068 [preauth]
Jul 14 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16502]: pam_unix(cron:session): session closed for user root
Jul 14 09:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: Failed password for root from 14.103.170.189 port 25082 ssh2
Jul 14 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: Connection closed by 14.103.170.189 port 25082 [preauth]
Jul 14 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18068]: Failed password for root from 14.103.170.189 port 13254 ssh2
Jul 14 09:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18068]: Connection closed by 14.103.170.189 port 13254 [preauth]
Jul 14 09:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: Failed password for root from 14.103.170.189 port 48254 ssh2
Jul 14 09:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: Connection closed by 14.103.170.189 port 48254 [preauth]
Jul 14 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18102]: Failed password for root from 14.103.170.189 port 48264 ssh2
Jul 14 09:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18102]: Connection closed by 14.103.170.189 port 48264 [preauth]
Jul 14 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: Invalid user vr from 193.32.162.141
Jul 14 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: input_userauth_request: invalid user vr [preauth]
Jul 14 09:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18134]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18134]: pam_unix(cron:session): session closed for user root
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18128]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18200]: Successful su for rubyman by root
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18200]: + ??? root:rubyman
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783564 of user rubyman.
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18200]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783564.
Jul 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: Failed password for invalid user vr from 193.32.162.141 port 42998 ssh2
Jul 14 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: Connection closed by 193.32.162.141 port 42998 [preauth]
Jul 14 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18131]: pam_unix(cron:session): session closed for user root
Jul 14 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18213]: Failed password for root from 14.103.170.189 port 32994 ssh2
Jul 14 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18213]: Connection closed by 14.103.170.189 port 32994 [preauth]
Jul 14 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15133]: pam_unix(cron:session): session closed for user root
Jul 14 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18130]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17007]: pam_unix(cron:session): session closed for user root
Jul 14 09:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Failed password for root from 14.103.170.189 port 35054 ssh2
Jul 14 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: Failed password for root from 14.103.170.189 port 21126 ssh2
Jul 14 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: Connection closed by 14.103.170.189 port 21126 [preauth]
Jul 14 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18613]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18686]: Successful su for rubyman by root
Jul 14 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18686]: + ??? root:rubyman
Jul 14 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783569 of user rubyman.
Jul 14 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18686]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783569.
Jul 14 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: Failed password for root from 14.103.170.189 port 21134 ssh2
Jul 14 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: Connection closed by 14.103.170.189 port 21134 [preauth]
Jul 14 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15569]: pam_unix(cron:session): session closed for user root
Jul 14 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18614]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: Failed password for root from 14.103.170.189 port 21150 ssh2
Jul 14 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: Connection closed by 14.103.170.189 port 21150 [preauth]
Jul 14 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18887]: Failed password for root from 14.103.170.189 port 46862 ssh2
Jul 14 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18887]: Connection closed by 14.103.170.189 port 46862 [preauth]
Jul 14 09:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Failed password for root from 14.103.170.189 port 46874 ssh2
Jul 14 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Connection closed by 14.103.170.189 port 46874 [preauth]
Jul 14 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: Failed password for root from 14.103.170.189 port 17202 ssh2
Jul 14 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: Connection closed by 14.103.170.189 port 17202 [preauth]
Jul 14 09:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: Failed password for root from 14.103.170.189 port 17218 ssh2
Jul 14 09:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: Connection closed by 14.103.170.189 port 17218 [preauth]
Jul 14 09:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Failed password for root from 14.103.170.189 port 56258 ssh2
Jul 14 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Connection closed by 14.103.170.189 port 56258 [preauth]
Jul 14 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: Failed password for root from 14.103.170.189 port 56260 ssh2
Jul 14 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17461]: pam_unix(cron:session): session closed for user root
Jul 14 09:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.170.189  user=root
Jul 14 09:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: Failed password for root from 14.103.170.189 port 62696 ssh2
Jul 14 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19059]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19128]: Successful su for rubyman by root
Jul 14 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19128]: + ??? root:rubyman
Jul 14 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783574 of user rubyman.
Jul 14 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19128]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783574.
Jul 14 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16031]: pam_unix(cron:session): session closed for user root
Jul 14 09:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
Jul 14 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19060]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: Failed password for root from 158.51.96.38 port 47180 ssh2
Jul 14 09:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: Connection closed by 158.51.96.38 port 47180 [preauth]
Jul 14 09:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
Jul 14 09:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19326]: Failed password for root from 158.51.96.38 port 47196 ssh2
Jul 14 09:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19326]: Connection closed by 158.51.96.38 port 47196 [preauth]
Jul 14 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18133]: pam_unix(cron:session): session closed for user root
Jul 14 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19484]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19548]: Successful su for rubyman by root
Jul 14 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19548]: + ??? root:rubyman
Jul 14 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783577 of user rubyman.
Jul 14 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19548]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783577.
Jul 14 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16501]: pam_unix(cron:session): session closed for user root
Jul 14 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19485]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18616]: pam_unix(cron:session): session closed for user root
Jul 14 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19924]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19993]: Successful su for rubyman by root
Jul 14 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19993]: + ??? root:rubyman
Jul 14 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19993]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783581 of user rubyman.
Jul 14 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19993]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783581.
Jul 14 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17006]: pam_unix(cron:session): session closed for user root
Jul 14 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19925]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19065]: pam_unix(cron:session): session closed for user root
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20337]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20338]: pam_unix(cron:session): session closed for user root
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20333]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20413]: Successful su for rubyman by root
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20413]: + ??? root:rubyman
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783587 of user rubyman.
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20413]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783587.
Jul 14 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20335]: pam_unix(cron:session): session closed for user root
Jul 14 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17460]: pam_unix(cron:session): session closed for user root
Jul 14 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20334]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19487]: pam_unix(cron:session): session closed for user root
Jul 14 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20795]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20871]: Successful su for rubyman by root
Jul 14 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20871]: + ??? root:rubyman
Jul 14 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783591 of user rubyman.
Jul 14 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20871]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783591.
Jul 14 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18132]: pam_unix(cron:session): session closed for user root
Jul 14 09:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19928]: pam_unix(cron:session): session closed for user root
Jul 14 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21244]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21320]: Successful su for rubyman by root
Jul 14 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21320]: + ??? root:rubyman
Jul 14 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783595 of user rubyman.
Jul 14 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21320]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783595.
Jul 14 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18615]: pam_unix(cron:session): session closed for user root
Jul 14 09:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21245]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20337]: pam_unix(cron:session): session closed for user root
Jul 14 09:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Invalid user vor from 193.32.162.141
Jul 14 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: input_userauth_request: invalid user vor [preauth]
Jul 14 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Failed password for invalid user vor from 193.32.162.141 port 60340 ssh2
Jul 14 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Connection closed by 193.32.162.141 port 60340 [preauth]
Jul 14 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21708]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21870]: Successful su for rubyman by root
Jul 14 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21870]: + ??? root:rubyman
Jul 14 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783598 of user rubyman.
Jul 14 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21870]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783598.
Jul 14 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19064]: pam_unix(cron:session): session closed for user root
Jul 14 09:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21709]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session closed for user root
Jul 14 09:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 09:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Failed password for root from 201.48.78.29 port 33778 ssh2
Jul 14 09:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Received disconnect from 201.48.78.29 port 33778:11: Bye Bye [preauth]
Jul 14 09:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Disconnected from 201.48.78.29 port 33778 [preauth]
Jul 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22478]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22556]: Successful su for rubyman by root
Jul 14 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22556]: + ??? root:rubyman
Jul 14 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783603 of user rubyman.
Jul 14 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22556]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783603.
Jul 14 09:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19486]: pam_unix(cron:session): session closed for user root
Jul 14 09:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22479]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21247]: pam_unix(cron:session): session closed for user root
Jul 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22969]: pam_unix(cron:session): session closed for user root
Jul 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22961]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23044]: Successful su for rubyman by root
Jul 14 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23044]: + ??? root:rubyman
Jul 14 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783607 of user rubyman.
Jul 14 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23044]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783607.
Jul 14 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19927]: pam_unix(cron:session): session closed for user root
Jul 14 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22964]: pam_unix(cron:session): session closed for user root
Jul 14 09:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22962]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21711]: pam_unix(cron:session): session closed for user root
Jul 14 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23520]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23516]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23592]: Successful su for rubyman by root
Jul 14 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23592]: + ??? root:rubyman
Jul 14 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783612 of user rubyman.
Jul 14 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23592]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783612.
Jul 14 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20336]: pam_unix(cron:session): session closed for user root
Jul 14 09:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23518]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: fatal: Unable to negotiate with 114.67.80.147 port 54293: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22481]: pam_unix(cron:session): session closed for user root
Jul 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24063]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24125]: Successful su for rubyman by root
Jul 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24125]: + ??? root:rubyman
Jul 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783616 of user rubyman.
Jul 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24125]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783616.
Jul 14 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session closed for user root
Jul 14 09:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24064]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24255]: Failed password for root from 201.48.78.29 port 53040 ssh2
Jul 14 09:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24255]: Received disconnect from 201.48.78.29 port 53040:11: Bye Bye [preauth]
Jul 14 09:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24255]: Disconnected from 201.48.78.29 port 53040 [preauth]
Jul 14 09:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22966]: pam_unix(cron:session): session closed for user root
Jul 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24519]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24595]: Successful su for rubyman by root
Jul 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24595]: + ??? root:rubyman
Jul 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783620 of user rubyman.
Jul 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24595]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783620.
Jul 14 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21246]: pam_unix(cron:session): session closed for user root
Jul 14 09:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24523]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23520]: pam_unix(cron:session): session closed for user root
Jul 14 09:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 09:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Failed password for root from 201.48.78.29 port 53096 ssh2
Jul 14 09:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Received disconnect from 201.48.78.29 port 53096:11: Bye Bye [preauth]
Jul 14 09:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Disconnected from 201.48.78.29 port 53096 [preauth]
Jul 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24963]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25029]: Successful su for rubyman by root
Jul 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25029]: + ??? root:rubyman
Jul 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783624 of user rubyman.
Jul 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25029]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783624.
Jul 14 09:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21710]: pam_unix(cron:session): session closed for user root
Jul 14 09:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24965]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24066]: pam_unix(cron:session): session closed for user root
Jul 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25398]: pam_unix(cron:session): session closed for user root
Jul 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25392]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25465]: Successful su for rubyman by root
Jul 14 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25465]: + ??? root:rubyman
Jul 14 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783629 of user rubyman.
Jul 14 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25465]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783629.
Jul 14 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25395]: pam_unix(cron:session): session closed for user root
Jul 14 09:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22480]: pam_unix(cron:session): session closed for user root
Jul 14 09:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25394]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: Invalid user var from 193.32.162.141
Jul 14 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: input_userauth_request: invalid user var [preauth]
Jul 14 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: Failed password for root from 201.48.78.29 port 53154 ssh2
Jul 14 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: Failed password for invalid user var from 193.32.162.141 port 49448 ssh2
Jul 14 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: Received disconnect from 201.48.78.29 port 53154:11: Bye Bye [preauth]
Jul 14 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: Disconnected from 201.48.78.29 port 53154 [preauth]
Jul 14 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: Connection closed by 193.32.162.141 port 49448 [preauth]
Jul 14 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24526]: pam_unix(cron:session): session closed for user root
Jul 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25932]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25927]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26002]: Successful su for rubyman by root
Jul 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26002]: + ??? root:rubyman
Jul 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783636 of user rubyman.
Jul 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26002]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783636.
Jul 14 09:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22965]: pam_unix(cron:session): session closed for user root
Jul 14 09:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25929]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24968]: pam_unix(cron:session): session closed for user root
Jul 14 09:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 09:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Failed password for root from 201.48.78.29 port 53204 ssh2
Jul 14 09:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Received disconnect from 201.48.78.29 port 53204:11: Bye Bye [preauth]
Jul 14 09:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Disconnected from 201.48.78.29 port 53204 [preauth]
Jul 14 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26371]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26450]: Successful su for rubyman by root
Jul 14 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26450]: + ??? root:rubyman
Jul 14 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783639 of user rubyman.
Jul 14 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26450]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783639.
Jul 14 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23519]: pam_unix(cron:session): session closed for user root
Jul 14 09:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26372]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26743]: Connection reset by 198.235.24.17 port 64556 [preauth]
Jul 14 09:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25397]: pam_unix(cron:session): session closed for user root
Jul 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26940]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27056]: Successful su for rubyman by root
Jul 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27056]: + ??? root:rubyman
Jul 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783644 of user rubyman.
Jul 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27056]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783644.
Jul 14 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24065]: pam_unix(cron:session): session closed for user root
Jul 14 09:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26941]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
Jul 14 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: Failed password for root from 80.94.95.15 port 49777 ssh2
Jul 14 09:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: Failed password for root from 80.94.95.15 port 49777 ssh2
Jul 14 09:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 09:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: Failed password for root from 80.94.95.15 port 49777 ssh2
Jul 14 09:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: Failed password for root from 201.48.78.29 port 53258 ssh2
Jul 14 09:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: Received disconnect from 201.48.78.29 port 53258:11: Bye Bye [preauth]
Jul 14 09:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: Disconnected from 201.48.78.29 port 53258 [preauth]
Jul 14 09:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: Failed password for root from 80.94.95.15 port 49777 ssh2
Jul 14 09:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: Failed password for root from 80.94.95.15 port 49777 ssh2
Jul 14 09:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: Received disconnect from 80.94.95.15 port 49777:11: Bye [preauth]
Jul 14 09:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: Disconnected from 80.94.95.15 port 49777 [preauth]
Jul 14 09:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15  user=root
Jul 14 09:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25932]: pam_unix(cron:session): session closed for user root
Jul 14 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27561]: pam_unix(cron:session): session closed for user p13x
Jul 14 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27633]: Successful su for rubyman by root
Jul 14 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27633]: + ??? root:rubyman
Jul 14 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783647 of user rubyman.
Jul 14 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27633]: pam_unix(su:session): session closed for user rubyman
Jul 14 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783647.
Jul 14 09:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24525]: pam_unix(cron:session): session closed for user root
Jul 14 09:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27563]: pam_unix(cron:session): session closed for user samftp
Jul 14 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26374]: pam_unix(cron:session): session closed for user root
Jul 14 09:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 09:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 09:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: Failed password for root from 201.48.78.29 port 53312 ssh2
Jul 14 09:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: Received disconnect from 201.48.78.29 port 53312:11: Bye Bye [preauth]
Jul 14 09:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: Disconnected from 201.48.78.29 port 53312 [preauth]
Jul 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session closed for user root
Jul 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28016]: pam_unix(cron:session): session closed for user root
Jul 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28013]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28117]: Successful su for rubyman by root
Jul 14 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28117]: + ??? root:rubyman
Jul 14 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783650 of user rubyman.
Jul 14 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28117]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783650.
Jul 14 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24966]: pam_unix(cron:session): session closed for user root
Jul 14 10:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session closed for user root
Jul 14 10:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28014]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session closed for user root
Jul 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28567]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28564]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: Successful su for rubyman by root
Jul 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: + ??? root:rubyman
Jul 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783658 of user rubyman.
Jul 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783658.
Jul 14 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25396]: pam_unix(cron:session): session closed for user root
Jul 14 10:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28565]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Failed password for root from 201.48.78.29 port 53354 ssh2
Jul 14 10:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Received disconnect from 201.48.78.29 port 53354:11: Bye Bye [preauth]
Jul 14 10:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Disconnected from 201.48.78.29 port 53354 [preauth]
Jul 14 10:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27566]: pam_unix(cron:session): session closed for user root
Jul 14 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28987]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29143]: Successful su for rubyman by root
Jul 14 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29143]: + ??? root:rubyman
Jul 14 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783662 of user rubyman.
Jul 14 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29143]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783662.
Jul 14 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session closed for user root
Jul 14 10:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28988]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28019]: pam_unix(cron:session): session closed for user root
Jul 14 10:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: Failed password for root from 201.48.78.29 port 53392 ssh2
Jul 14 10:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: Received disconnect from 201.48.78.29 port 53392:11: Bye Bye [preauth]
Jul 14 10:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: Disconnected from 201.48.78.29 port 53392 [preauth]
Jul 14 10:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Invalid user www from 193.32.162.141
Jul 14 10:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: input_userauth_request: invalid user www [preauth]
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29516]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29584]: Successful su for rubyman by root
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29584]: + ??? root:rubyman
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783665 of user rubyman.
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29584]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783665.
Jul 14 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Failed password for invalid user www from 193.32.162.141 port 38554 ssh2
Jul 14 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Connection closed by 193.32.162.141 port 38554 [preauth]
Jul 14 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26373]: pam_unix(cron:session): session closed for user root
Jul 14 10:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29517]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28567]: pam_unix(cron:session): session closed for user root
Jul 14 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30012]: Successful su for rubyman by root
Jul 14 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30012]: + ??? root:rubyman
Jul 14 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783669 of user rubyman.
Jul 14 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30012]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783669.
Jul 14 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26943]: pam_unix(cron:session): session closed for user root
Jul 14 10:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29941]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30217]: Failed password for root from 201.48.78.29 port 53442 ssh2
Jul 14 10:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30217]: Received disconnect from 201.48.78.29 port 53442:11: Bye Bye [preauth]
Jul 14 10:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30217]: Disconnected from 201.48.78.29 port 53442 [preauth]
Jul 14 10:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28990]: pam_unix(cron:session): session closed for user root
Jul 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30357]: pam_unix(cron:session): session closed for user root
Jul 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30351]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30425]: Successful su for rubyman by root
Jul 14 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30425]: + ??? root:rubyman
Jul 14 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783675 of user rubyman.
Jul 14 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30425]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783675.
Jul 14 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30353]: pam_unix(cron:session): session closed for user root
Jul 14 10:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27565]: pam_unix(cron:session): session closed for user root
Jul 14 10:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30352]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29519]: pam_unix(cron:session): session closed for user root
Jul 14 10:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: Failed password for root from 201.48.78.29 port 53482 ssh2
Jul 14 10:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: Received disconnect from 201.48.78.29 port 53482:11: Bye Bye [preauth]
Jul 14 10:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: Disconnected from 201.48.78.29 port 53482 [preauth]
Jul 14 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30811]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30810]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30808]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30888]: Successful su for rubyman by root
Jul 14 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30888]: + ??? root:rubyman
Jul 14 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783679 of user rubyman.
Jul 14 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30888]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783679.
Jul 14 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session closed for user root
Jul 14 10:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30809]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29944]: pam_unix(cron:session): session closed for user root
Jul 14 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: Failed password for root from 45.172.152.74 port 34744 ssh2
Jul 14 10:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: Received disconnect from 45.172.152.74 port 34744:11: Bye Bye [preauth]
Jul 14 10:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: Disconnected from 45.172.152.74 port 34744 [preauth]
Jul 14 10:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31329]: Failed password for root from 156.224.139.145 port 51750 ssh2
Jul 14 10:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31329]: Received disconnect from 156.224.139.145 port 51750:11: Bye Bye [preauth]
Jul 14 10:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31329]: Disconnected from 156.224.139.145 port 51750 [preauth]
Jul 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31341]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31406]: Successful su for rubyman by root
Jul 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31406]: + ??? root:rubyman
Jul 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783685 of user rubyman.
Jul 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31406]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783685.
Jul 14 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28566]: pam_unix(cron:session): session closed for user root
Jul 14 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31342]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Invalid user admin from 78.128.112.74
Jul 14 10:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: input_userauth_request: invalid user admin [preauth]
Jul 14 10:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Jul 14 10:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31653]: Failed password for root from 201.48.78.29 port 53526 ssh2
Jul 14 10:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31653]: Received disconnect from 201.48.78.29 port 53526:11: Bye Bye [preauth]
Jul 14 10:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31653]: Disconnected from 201.48.78.29 port 53526 [preauth]
Jul 14 10:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Failed password for invalid user admin from 78.128.112.74 port 52632 ssh2
Jul 14 10:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Connection closed by 78.128.112.74 port 52632 [preauth]
Jul 14 10:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: Failed password for root from 79.104.0.82 port 58902 ssh2
Jul 14 10:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: Received disconnect from 79.104.0.82 port 58902:11: Bye Bye [preauth]
Jul 14 10:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: Disconnected from 79.104.0.82 port 58902 [preauth]
Jul 14 10:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Failed password for root from 102.23.122.235 port 4534 ssh2
Jul 14 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Received disconnect from 102.23.122.235 port 4534:11: Bye Bye [preauth]
Jul 14 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Disconnected from 102.23.122.235 port 4534 [preauth]
Jul 14 10:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30356]: pam_unix(cron:session): session closed for user root
Jul 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31804]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31873]: Successful su for rubyman by root
Jul 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31873]: + ??? root:rubyman
Jul 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783687 of user rubyman.
Jul 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31873]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783687.
Jul 14 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28989]: pam_unix(cron:session): session closed for user root
Jul 14 10:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: Failed password for root from 75.102.141.123 port 49193 ssh2
Jul 14 10:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: Received disconnect from 75.102.141.123 port 49193:11: Bye Bye [preauth]
Jul 14 10:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: Disconnected from 75.102.141.123 port 49193 [preauth]
Jul 14 10:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31805]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: Invalid user docker from 164.68.105.9
Jul 14 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: input_userauth_request: invalid user docker [preauth]
Jul 14 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Jul 14 10:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: Failed password for invalid user docker from 164.68.105.9 port 42492 ssh2
Jul 14 10:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: Connection closed by 164.68.105.9 port 42492 [preauth]
Jul 14 10:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30811]: pam_unix(cron:session): session closed for user root
Jul 14 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: Failed password for root from 201.48.78.29 port 53582 ssh2
Jul 14 10:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: Received disconnect from 201.48.78.29 port 53582:11: Bye Bye [preauth]
Jul 14 10:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: Disconnected from 201.48.78.29 port 53582 [preauth]
Jul 14 10:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Failed password for root from 160.191.89.82 port 42982 ssh2
Jul 14 10:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Received disconnect from 160.191.89.82 port 42982:11: Bye Bye [preauth]
Jul 14 10:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Disconnected from 160.191.89.82 port 42982 [preauth]
Jul 14 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[337]: Successful su for rubyman by root
Jul 14 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[337]: + ??? root:rubyman
Jul 14 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783692 of user rubyman.
Jul 14 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[337]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783692.
Jul 14 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32554]: pam_unix(cron:session): session closed for user root
Jul 14 10:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29518]: pam_unix(cron:session): session closed for user root
Jul 14 10:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session closed for user root
Jul 14 10:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: Invalid user thalia from 80.94.95.15
Jul 14 10:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: input_userauth_request: invalid user thalia [preauth]
Jul 14 10:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 10:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: Failed password for invalid user thalia from 80.94.95.15 port 1591 ssh2
Jul 14 10:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: Failed password for invalid user thalia from 80.94.95.15 port 1591 ssh2
Jul 14 10:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: Failed password for invalid user thalia from 80.94.95.15 port 1591 ssh2
Jul 14 10:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: Failed password for invalid user thalia from 80.94.95.15 port 1591 ssh2
Jul 14 10:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: Failed password for invalid user thalia from 80.94.95.15 port 1591 ssh2
Jul 14 10:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: Received disconnect from 80.94.95.15 port 1591:11: Bye [preauth]
Jul 14 10:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: Disconnected from 80.94.95.15 port 1591 [preauth]
Jul 14 10:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 10:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[752]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 10:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Failed password for root from 45.172.152.74 port 49824 ssh2
Jul 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Received disconnect from 45.172.152.74 port 49824:11: Bye Bye [preauth]
Jul 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Disconnected from 45.172.152.74 port 49824 [preauth]
Jul 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[823]: pam_unix(cron:session): session closed for user root
Jul 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[817]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[903]: Successful su for rubyman by root
Jul 14 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[903]: + ??? root:rubyman
Jul 14 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783698 of user rubyman.
Jul 14 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[903]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783698.
Jul 14 10:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29943]: pam_unix(cron:session): session closed for user root
Jul 14 10:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[819]: pam_unix(cron:session): session closed for user root
Jul 14 10:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[818]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Failed password for root from 156.224.139.145 port 46834 ssh2
Jul 14 10:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Received disconnect from 156.224.139.145 port 46834:11: Bye Bye [preauth]
Jul 14 10:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Disconnected from 156.224.139.145 port 46834 [preauth]
Jul 14 10:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Failed password for root from 79.104.0.82 port 48788 ssh2
Jul 14 10:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Received disconnect from 79.104.0.82 port 48788:11: Bye Bye [preauth]
Jul 14 10:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Disconnected from 79.104.0.82 port 48788 [preauth]
Jul 14 10:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: Failed password for root from 201.48.78.29 port 53632 ssh2
Jul 14 10:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: Received disconnect from 201.48.78.29 port 53632:11: Bye Bye [preauth]
Jul 14 10:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: Disconnected from 201.48.78.29 port 53632 [preauth]
Jul 14 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31807]: pam_unix(cron:session): session closed for user root
Jul 14 10:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: Invalid user tmp from 193.32.162.141
Jul 14 10:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: input_userauth_request: invalid user tmp [preauth]
Jul 14 10:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 10:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: Failed password for invalid user tmp from 193.32.162.141 port 55890 ssh2
Jul 14 10:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: Connection closed by 193.32.162.141 port 55890 [preauth]
Jul 14 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1374]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1478]: Successful su for rubyman by root
Jul 14 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1478]: + ??? root:rubyman
Jul 14 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783703 of user rubyman.
Jul 14 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1478]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783703.
Jul 14 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30355]: pam_unix(cron:session): session closed for user root
Jul 14 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1375]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Failed password for root from 75.102.141.123 port 43086 ssh2
Jul 14 10:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Received disconnect from 75.102.141.123 port 43086:11: Bye Bye [preauth]
Jul 14 10:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Disconnected from 75.102.141.123 port 43086 [preauth]
Jul 14 10:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: Failed password for root from 102.23.122.235 port 4535 ssh2
Jul 14 10:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: Received disconnect from 102.23.122.235 port 4535:11: Bye Bye [preauth]
Jul 14 10:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: Disconnected from 102.23.122.235 port 4535 [preauth]
Jul 14 10:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Failed password for root from 45.172.152.74 port 46906 ssh2
Jul 14 10:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Received disconnect from 45.172.152.74 port 46906:11: Bye Bye [preauth]
Jul 14 10:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Disconnected from 45.172.152.74 port 46906 [preauth]
Jul 14 10:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1775]: Failed password for root from 156.224.139.145 port 46286 ssh2
Jul 14 10:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1775]: Received disconnect from 156.224.139.145 port 46286:11: Bye Bye [preauth]
Jul 14 10:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1775]: Disconnected from 156.224.139.145 port 46286 [preauth]
Jul 14 10:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: Failed password for root from 79.104.0.82 port 47698 ssh2
Jul 14 10:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: Received disconnect from 79.104.0.82 port 47698:11: Bye Bye [preauth]
Jul 14 10:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: Disconnected from 79.104.0.82 port 47698 [preauth]
Jul 14 10:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32561]: pam_unix(cron:session): session closed for user root
Jul 14 10:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: Failed password for root from 201.48.78.29 port 53686 ssh2
Jul 14 10:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: Received disconnect from 201.48.78.29 port 53686:11: Bye Bye [preauth]
Jul 14 10:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: Disconnected from 201.48.78.29 port 53686 [preauth]
Jul 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1955]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2061]: Successful su for rubyman by root
Jul 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2061]: + ??? root:rubyman
Jul 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783708 of user rubyman.
Jul 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2061]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783708.
Jul 14 10:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30810]: pam_unix(cron:session): session closed for user root
Jul 14 10:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1956]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Failed password for root from 75.102.141.123 port 57169 ssh2
Jul 14 10:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Received disconnect from 75.102.141.123 port 57169:11: Bye Bye [preauth]
Jul 14 10:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Disconnected from 75.102.141.123 port 57169 [preauth]
Jul 14 10:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: Failed password for root from 45.172.152.74 port 33774 ssh2
Jul 14 10:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: Received disconnect from 45.172.152.74 port 33774:11: Bye Bye [preauth]
Jul 14 10:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: Disconnected from 45.172.152.74 port 33774 [preauth]
Jul 14 10:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[822]: pam_unix(cron:session): session closed for user root
Jul 14 10:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2359]: Failed password for root from 156.224.139.145 port 45738 ssh2
Jul 14 10:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2359]: Received disconnect from 156.224.139.145 port 45738:11: Bye Bye [preauth]
Jul 14 10:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2359]: Disconnected from 156.224.139.145 port 45738 [preauth]
Jul 14 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: Failed password for root from 79.104.0.82 port 46604 ssh2
Jul 14 10:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: Received disconnect from 79.104.0.82 port 46604:11: Bye Bye [preauth]
Jul 14 10:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: Disconnected from 79.104.0.82 port 46604 [preauth]
Jul 14 10:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: Failed password for root from 102.23.122.235 port 4536 ssh2
Jul 14 10:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: Received disconnect from 102.23.122.235 port 4536:11: Bye Bye [preauth]
Jul 14 10:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: Disconnected from 102.23.122.235 port 4536 [preauth]
Jul 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2436]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2511]: Successful su for rubyman by root
Jul 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2511]: + ??? root:rubyman
Jul 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783710 of user rubyman.
Jul 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2511]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783710.
Jul 14 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Did not receive identification string from 195.178.110.211
Jul 14 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session closed for user root
Jul 14 10:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2437]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Failed password for root from 201.48.78.29 port 53738 ssh2
Jul 14 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Received disconnect from 201.48.78.29 port 53738:11: Bye Bye [preauth]
Jul 14 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Disconnected from 201.48.78.29 port 53738 [preauth]
Jul 14 10:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1377]: pam_unix(cron:session): session closed for user root
Jul 14 10:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: Invalid user solana from 195.178.110.211
Jul 14 10:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: input_userauth_request: invalid user solana [preauth]
Jul 14 10:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.211
Jul 14 10:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: Failed password for invalid user solana from 195.178.110.211 port 55138 ssh2
Jul 14 10:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: Connection closed by 195.178.110.211 port 55138 [preauth]
Jul 14 10:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2862]: Failed password for root from 75.102.141.123 port 43033 ssh2
Jul 14 10:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2862]: Received disconnect from 75.102.141.123 port 43033:11: Bye Bye [preauth]
Jul 14 10:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2862]: Disconnected from 75.102.141.123 port 43033 [preauth]
Jul 14 10:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: Failed password for root from 45.172.152.74 port 60390 ssh2
Jul 14 10:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: Received disconnect from 45.172.152.74 port 60390:11: Bye Bye [preauth]
Jul 14 10:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: Disconnected from 45.172.152.74 port 60390 [preauth]
Jul 14 10:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Failed password for root from 156.224.139.145 port 45176 ssh2
Jul 14 10:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Received disconnect from 156.224.139.145 port 45176:11: Bye Bye [preauth]
Jul 14 10:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Disconnected from 156.224.139.145 port 45176 [preauth]
Jul 14 10:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2880]: Failed password for root from 79.104.0.82 port 45510 ssh2
Jul 14 10:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2880]: Received disconnect from 79.104.0.82 port 45510:11: Bye Bye [preauth]
Jul 14 10:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2880]: Disconnected from 79.104.0.82 port 45510 [preauth]
Jul 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2907]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2904]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2975]: Successful su for rubyman by root
Jul 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2975]: + ??? root:rubyman
Jul 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783714 of user rubyman.
Jul 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2975]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783714.
Jul 14 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31806]: pam_unix(cron:session): session closed for user root
Jul 14 10:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2905]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Invalid user sol from 195.178.110.211
Jul 14 10:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: input_userauth_request: invalid user sol [preauth]
Jul 14 10:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.211
Jul 14 10:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Failed password for invalid user sol from 195.178.110.211 port 55358 ssh2
Jul 14 10:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Connection closed by 195.178.110.211 port 55358 [preauth]
Jul 14 10:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Failed password for root from 102.23.122.235 port 4537 ssh2
Jul 14 10:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Received disconnect from 102.23.122.235 port 4537:11: Bye Bye [preauth]
Jul 14 10:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Disconnected from 102.23.122.235 port 4537 [preauth]
Jul 14 10:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1961]: pam_unix(cron:session): session closed for user root
Jul 14 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Invalid user solv from 195.178.110.211
Jul 14 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: input_userauth_request: invalid user solv [preauth]
Jul 14 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.211
Jul 14 10:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Failed password for invalid user solv from 195.178.110.211 port 55582 ssh2
Jul 14 10:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Connection closed by 195.178.110.211 port 55582 [preauth]
Jul 14 10:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Failed password for root from 156.224.139.145 port 44614 ssh2
Jul 14 10:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Received disconnect from 156.224.139.145 port 44614:11: Bye Bye [preauth]
Jul 14 10:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Disconnected from 156.224.139.145 port 44614 [preauth]
Jul 14 10:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: Failed password for root from 201.48.78.29 port 53784 ssh2
Jul 14 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: Received disconnect from 201.48.78.29 port 53784:11: Bye Bye [preauth]
Jul 14 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: Disconnected from 201.48.78.29 port 53784 [preauth]
Jul 14 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3344]: Failed password for root from 79.104.0.82 port 44408 ssh2
Jul 14 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3344]: Received disconnect from 79.104.0.82 port 44408:11: Bye Bye [preauth]
Jul 14 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3344]: Disconnected from 79.104.0.82 port 44408 [preauth]
Jul 14 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Failed password for root from 75.102.141.123 port 57137 ssh2
Jul 14 10:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: Failed password for root from 45.172.152.74 port 60320 ssh2
Jul 14 10:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Received disconnect from 75.102.141.123 port 57137:11: Bye Bye [preauth]
Jul 14 10:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Disconnected from 75.102.141.123 port 57137 [preauth]
Jul 14 10:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: Received disconnect from 45.172.152.74 port 60320:11: Bye Bye [preauth]
Jul 14 10:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: Disconnected from 45.172.152.74 port 60320 [preauth]
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3365]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3368]: pam_unix(cron:session): session closed for user root
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3362]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3458]: Successful su for rubyman by root
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3458]: + ??? root:rubyman
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783721 of user rubyman.
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3458]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783721.
Jul 14 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3365]: pam_unix(cron:session): session closed for user root
Jul 14 10:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32560]: pam_unix(cron:session): session closed for user root
Jul 14 10:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3363]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: Invalid user solv from 195.178.110.211
Jul 14 10:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: input_userauth_request: invalid user solv [preauth]
Jul 14 10:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.211
Jul 14 10:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: Failed password for invalid user solv from 195.178.110.211 port 55804 ssh2
Jul 14 10:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: Connection closed by 195.178.110.211 port 55804 [preauth]
Jul 14 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2439]: pam_unix(cron:session): session closed for user root
Jul 14 10:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Failed password for root from 102.23.122.235 port 4538 ssh2
Jul 14 10:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Received disconnect from 102.23.122.235 port 4538:11: Bye Bye [preauth]
Jul 14 10:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Disconnected from 102.23.122.235 port 4538 [preauth]
Jul 14 10:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: Failed password for root from 156.224.139.145 port 44058 ssh2
Jul 14 10:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: Received disconnect from 156.224.139.145 port 44058:11: Bye Bye [preauth]
Jul 14 10:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: Disconnected from 156.224.139.145 port 44058 [preauth]
Jul 14 10:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3871]: Failed password for root from 79.104.0.82 port 43302 ssh2
Jul 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3871]: Received disconnect from 79.104.0.82 port 43302:11: Bye Bye [preauth]
Jul 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3871]: Disconnected from 79.104.0.82 port 43302 [preauth]
Jul 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3891]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4003]: Successful su for rubyman by root
Jul 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4003]: + ??? root:rubyman
Jul 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783725 of user rubyman.
Jul 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4003]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783725.
Jul 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: Failed password for root from 160.191.89.82 port 40674 ssh2
Jul 14 10:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: Received disconnect from 160.191.89.82 port 40674:11: Bye Bye [preauth]
Jul 14 10:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: Disconnected from 160.191.89.82 port 40674 [preauth]
Jul 14 10:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[821]: pam_unix(cron:session): session closed for user root
Jul 14 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: Failed password for root from 45.172.152.74 port 51176 ssh2
Jul 14 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: Received disconnect from 45.172.152.74 port 51176:11: Bye Bye [preauth]
Jul 14 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: Disconnected from 45.172.152.74 port 51176 [preauth]
Jul 14 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Invalid user sol from 195.178.110.211
Jul 14 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: input_userauth_request: invalid user sol [preauth]
Jul 14 10:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.211
Jul 14 10:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3892]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Failed password for invalid user sol from 195.178.110.211 port 56038 ssh2
Jul 14 10:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Connection closed by 195.178.110.211 port 56038 [preauth]
Jul 14 10:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Failed password for root from 75.102.141.123 port 43011 ssh2
Jul 14 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Received disconnect from 75.102.141.123 port 43011:11: Bye Bye [preauth]
Jul 14 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Disconnected from 75.102.141.123 port 43011 [preauth]
Jul 14 10:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4271]: Failed password for root from 201.48.78.29 port 53836 ssh2
Jul 14 10:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4271]: Received disconnect from 201.48.78.29 port 53836:11: Bye Bye [preauth]
Jul 14 10:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4271]: Disconnected from 201.48.78.29 port 53836 [preauth]
Jul 14 10:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session closed for user root
Jul 14 10:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: Invalid user sol from 195.178.110.211
Jul 14 10:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: input_userauth_request: invalid user sol [preauth]
Jul 14 10:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.211
Jul 14 10:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: Failed password for invalid user sol from 195.178.110.211 port 56258 ssh2
Jul 14 10:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: Connection closed by 195.178.110.211 port 56258 [preauth]
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4632]: pam_unix(cron:session): session closed for user root
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4634]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4699]: Successful su for rubyman by root
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4699]: + ??? root:rubyman
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783728 of user rubyman.
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4699]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783728.
Jul 14 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: Failed password for root from 156.224.139.145 port 43496 ssh2
Jul 14 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: Received disconnect from 156.224.139.145 port 43496:11: Bye Bye [preauth]
Jul 14 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: Disconnected from 156.224.139.145 port 43496 [preauth]
Jul 14 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1376]: pam_unix(cron:session): session closed for user root
Jul 14 10:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4817]: Failed password for root from 79.104.0.82 port 42200 ssh2
Jul 14 10:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4817]: Received disconnect from 79.104.0.82 port 42200:11: Bye Bye [preauth]
Jul 14 10:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4817]: Disconnected from 79.104.0.82 port 42200 [preauth]
Jul 14 10:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4635]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: Failed password for root from 45.172.152.74 port 44722 ssh2
Jul 14 10:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: Received disconnect from 45.172.152.74 port 44722:11: Bye Bye [preauth]
Jul 14 10:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: Disconnected from 45.172.152.74 port 44722 [preauth]
Jul 14 10:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: Invalid user solana from 195.178.110.211
Jul 14 10:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: input_userauth_request: invalid user solana [preauth]
Jul 14 10:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.211
Jul 14 10:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4985]: Failed password for root from 75.102.141.123 port 57114 ssh2
Jul 14 10:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: Failed password for invalid user solana from 195.178.110.211 port 56494 ssh2
Jul 14 10:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4985]: Received disconnect from 75.102.141.123 port 57114:11: Bye Bye [preauth]
Jul 14 10:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4985]: Disconnected from 75.102.141.123 port 57114 [preauth]
Jul 14 10:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: Connection closed by 195.178.110.211 port 56494 [preauth]
Jul 14 10:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Failed password for root from 102.23.122.235 port 4539 ssh2
Jul 14 10:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Received disconnect from 102.23.122.235 port 4539:11: Bye Bye [preauth]
Jul 14 10:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Disconnected from 102.23.122.235 port 4539 [preauth]
Jul 14 10:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.125  user=root
Jul 14 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: Failed password for root from 195.178.110.125 port 37714 ssh2
Jul 14 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: Connection closed by 195.178.110.125 port 37714 [preauth]
Jul 14 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.125  user=root
Jul 14 10:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3367]: pam_unix(cron:session): session closed for user root
Jul 14 10:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Failed password for root from 195.178.110.125 port 37728 ssh2
Jul 14 10:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Connection closed by 195.178.110.125 port 37728 [preauth]
Jul 14 10:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.125  user=root
Jul 14 10:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: Failed password for root from 195.178.110.125 port 60904 ssh2
Jul 14 10:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: Connection closed by 195.178.110.125 port 60904 [preauth]
Jul 14 10:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.125  user=root
Jul 14 10:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Failed password for root from 195.178.110.125 port 60916 ssh2
Jul 14 10:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Connection closed by 195.178.110.125 port 60916 [preauth]
Jul 14 10:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.125  user=root
Jul 14 10:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: Failed password for root from 195.178.110.125 port 60920 ssh2
Jul 14 10:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: Connection closed by 195.178.110.125 port 60920 [preauth]
Jul 14 10:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Failed password for root from 201.48.78.29 port 53884 ssh2
Jul 14 10:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Received disconnect from 201.48.78.29 port 53884:11: Bye Bye [preauth]
Jul 14 10:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Disconnected from 201.48.78.29 port 53884 [preauth]
Jul 14 10:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5321]: Invalid user solana from 195.178.110.211
Jul 14 10:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5321]: input_userauth_request: invalid user solana [preauth]
Jul 14 10:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5321]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.211
Jul 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5324]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5386]: Successful su for rubyman by root
Jul 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5386]: + ??? root:rubyman
Jul 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783734 of user rubyman.
Jul 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5386]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783734.
Jul 14 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5321]: Failed password for invalid user solana from 195.178.110.211 port 56712 ssh2
Jul 14 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5321]: Connection closed by 195.178.110.211 port 56712 [preauth]
Jul 14 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1959]: pam_unix(cron:session): session closed for user root
Jul 14 10:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5325]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Failed password for root from 156.224.139.145 port 42940 ssh2
Jul 14 10:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Received disconnect from 156.224.139.145 port 42940:11: Bye Bye [preauth]
Jul 14 10:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Disconnected from 156.224.139.145 port 42940 [preauth]
Jul 14 10:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Failed password for root from 79.104.0.82 port 41102 ssh2
Jul 14 10:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Received disconnect from 79.104.0.82 port 41102:11: Bye Bye [preauth]
Jul 14 10:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Disconnected from 79.104.0.82 port 41102 [preauth]
Jul 14 10:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: Invalid user sysadmin from 193.32.162.141
Jul 14 10:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: input_userauth_request: invalid user sysadmin [preauth]
Jul 14 10:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 10:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: Failed password for invalid user sysadmin from 193.32.162.141 port 45000 ssh2
Jul 14 10:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: Connection closed by 193.32.162.141 port 45000 [preauth]
Jul 14 10:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Failed password for root from 45.172.152.74 port 56042 ssh2
Jul 14 10:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Received disconnect from 45.172.152.74 port 56042:11: Bye Bye [preauth]
Jul 14 10:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Disconnected from 45.172.152.74 port 56042 [preauth]
Jul 14 10:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3894]: pam_unix(cron:session): session closed for user root
Jul 14 10:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Failed password for root from 75.102.141.123 port 42978 ssh2
Jul 14 10:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Received disconnect from 75.102.141.123 port 42978:11: Bye Bye [preauth]
Jul 14 10:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Disconnected from 75.102.141.123 port 42978 [preauth]
Jul 14 10:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: Failed password for root from 102.23.122.235 port 4540 ssh2
Jul 14 10:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: Received disconnect from 102.23.122.235 port 4540:11: Bye Bye [preauth]
Jul 14 10:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: Disconnected from 102.23.122.235 port 4540 [preauth]
Jul 14 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5912]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5978]: Successful su for rubyman by root
Jul 14 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5978]: + ??? root:rubyman
Jul 14 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783738 of user rubyman.
Jul 14 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5978]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783738.
Jul 14 10:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2438]: pam_unix(cron:session): session closed for user root
Jul 14 10:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5913]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6236]: Failed password for root from 156.224.139.145 port 42380 ssh2
Jul 14 10:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6236]: Received disconnect from 156.224.139.145 port 42380:11: Bye Bye [preauth]
Jul 14 10:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6236]: Disconnected from 156.224.139.145 port 42380 [preauth]
Jul 14 10:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Failed password for root from 201.48.78.29 port 53938 ssh2
Jul 14 10:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Received disconnect from 201.48.78.29 port 53938:11: Bye Bye [preauth]
Jul 14 10:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Disconnected from 201.48.78.29 port 53938 [preauth]
Jul 14 10:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Failed password for root from 79.104.0.82 port 40004 ssh2
Jul 14 10:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Invalid user jessica from 46.101.170.54
Jul 14 10:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: input_userauth_request: invalid user jessica [preauth]
Jul 14 10:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Jul 14 10:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Received disconnect from 79.104.0.82 port 40004:11: Bye Bye [preauth]
Jul 14 10:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Disconnected from 79.104.0.82 port 40004 [preauth]
Jul 14 10:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Failed password for invalid user jessica from 46.101.170.54 port 42614 ssh2
Jul 14 10:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Connection closed by 46.101.170.54 port 42614 [preauth]
Jul 14 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4638]: pam_unix(cron:session): session closed for user root
Jul 14 10:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6324]: Failed password for root from 45.172.152.74 port 55874 ssh2
Jul 14 10:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6324]: Received disconnect from 45.172.152.74 port 55874:11: Bye Bye [preauth]
Jul 14 10:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6324]: Disconnected from 45.172.152.74 port 55874 [preauth]
Jul 14 10:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Failed password for root from 75.102.141.123 port 57079 ssh2
Jul 14 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Received disconnect from 75.102.141.123 port 57079:11: Bye Bye [preauth]
Jul 14 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Disconnected from 75.102.141.123 port 57079 [preauth]
Jul 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6380]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6381]: pam_unix(cron:session): session closed for user root
Jul 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6375]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6450]: Successful su for rubyman by root
Jul 14 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6450]: + ??? root:rubyman
Jul 14 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783742 of user rubyman.
Jul 14 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6450]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783742.
Jul 14 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6378]: pam_unix(cron:session): session closed for user root
Jul 14 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2907]: pam_unix(cron:session): session closed for user root
Jul 14 10:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6376]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: Failed password for root from 160.191.89.82 port 56350 ssh2
Jul 14 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: Received disconnect from 160.191.89.82 port 56350:11: Bye Bye [preauth]
Jul 14 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: Disconnected from 160.191.89.82 port 56350 [preauth]
Jul 14 10:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: Failed password for root from 156.224.139.145 port 41820 ssh2
Jul 14 10:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: Received disconnect from 156.224.139.145 port 41820:11: Bye Bye [preauth]
Jul 14 10:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: Disconnected from 156.224.139.145 port 41820 [preauth]
Jul 14 10:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: Failed password for root from 102.23.122.235 port 4541 ssh2
Jul 14 10:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: Received disconnect from 102.23.122.235 port 4541:11: Bye Bye [preauth]
Jul 14 10:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: Disconnected from 102.23.122.235 port 4541 [preauth]
Jul 14 10:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5327]: pam_unix(cron:session): session closed for user root
Jul 14 10:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Failed password for root from 79.104.0.82 port 38906 ssh2
Jul 14 10:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Received disconnect from 79.104.0.82 port 38906:11: Bye Bye [preauth]
Jul 14 10:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Disconnected from 79.104.0.82 port 38906 [preauth]
Jul 14 10:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Failed password for root from 45.172.152.74 port 38444 ssh2
Jul 14 10:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Received disconnect from 45.172.152.74 port 38444:11: Bye Bye [preauth]
Jul 14 10:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Disconnected from 45.172.152.74 port 38444 [preauth]
Jul 14 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Failed password for root from 201.48.78.29 port 53984 ssh2
Jul 14 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Received disconnect from 201.48.78.29 port 53984:11: Bye Bye [preauth]
Jul 14 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Disconnected from 201.48.78.29 port 53984 [preauth]
Jul 14 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6852]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7013]: Successful su for rubyman by root
Jul 14 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7013]: + ??? root:rubyman
Jul 14 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783747 of user rubyman.
Jul 14 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7013]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783747.
Jul 14 10:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3366]: pam_unix(cron:session): session closed for user root
Jul 14 10:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6853]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: Invalid user hamza from 190.103.202.7
Jul 14 10:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: input_userauth_request: invalid user hamza [preauth]
Jul 14 10:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Jul 14 10:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: Failed password for invalid user hamza from 190.103.202.7 port 53614 ssh2
Jul 14 10:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: Connection closed by 190.103.202.7 port 53614 [preauth]
Jul 14 10:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Failed password for root from 75.102.141.123 port 42951 ssh2
Jul 14 10:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Received disconnect from 75.102.141.123 port 42951:11: Bye Bye [preauth]
Jul 14 10:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Disconnected from 75.102.141.123 port 42951 [preauth]
Jul 14 10:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7312]: Failed password for root from 156.224.139.145 port 41258 ssh2
Jul 14 10:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7312]: Received disconnect from 156.224.139.145 port 41258:11: Bye Bye [preauth]
Jul 14 10:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7312]: Disconnected from 156.224.139.145 port 41258 [preauth]
Jul 14 10:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5916]: pam_unix(cron:session): session closed for user root
Jul 14 10:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: Failed password for root from 79.104.0.82 port 37804 ssh2
Jul 14 10:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: Received disconnect from 79.104.0.82 port 37804:11: Bye Bye [preauth]
Jul 14 10:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: Disconnected from 79.104.0.82 port 37804 [preauth]
Jul 14 10:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7396]: Failed password for root from 102.23.122.235 port 4542 ssh2
Jul 14 10:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7396]: Received disconnect from 102.23.122.235 port 4542:11: Bye Bye [preauth]
Jul 14 10:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7396]: Disconnected from 102.23.122.235 port 4542 [preauth]
Jul 14 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7409]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7406]: Failed password for root from 45.172.152.74 port 58684 ssh2
Jul 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7406]: Received disconnect from 45.172.152.74 port 58684:11: Bye Bye [preauth]
Jul 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7406]: Disconnected from 45.172.152.74 port 58684 [preauth]
Jul 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7474]: Successful su for rubyman by root
Jul 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7474]: + ??? root:rubyman
Jul 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783751 of user rubyman.
Jul 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7474]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783751.
Jul 14 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3893]: pam_unix(cron:session): session closed for user root
Jul 14 10:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7410]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: Failed password for root from 201.48.78.29 port 54034 ssh2
Jul 14 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: Received disconnect from 201.48.78.29 port 54034:11: Bye Bye [preauth]
Jul 14 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: Disconnected from 201.48.78.29 port 54034 [preauth]
Jul 14 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: Failed password for root from 75.102.141.123 port 57054 ssh2
Jul 14 10:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: Received disconnect from 75.102.141.123 port 57054:11: Bye Bye [preauth]
Jul 14 10:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: Disconnected from 75.102.141.123 port 57054 [preauth]
Jul 14 10:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7836]: Failed password for root from 160.191.89.82 port 47228 ssh2
Jul 14 10:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7836]: Received disconnect from 160.191.89.82 port 47228:11: Bye Bye [preauth]
Jul 14 10:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7836]: Disconnected from 160.191.89.82 port 47228 [preauth]
Jul 14 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6380]: pam_unix(cron:session): session closed for user root
Jul 14 10:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Failed password for root from 156.224.139.145 port 40700 ssh2
Jul 14 10:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Received disconnect from 156.224.139.145 port 40700:11: Bye Bye [preauth]
Jul 14 10:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Disconnected from 156.224.139.145 port 40700 [preauth]
Jul 14 10:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Failed password for root from 79.104.0.82 port 36704 ssh2
Jul 14 10:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Received disconnect from 79.104.0.82 port 36704:11: Bye Bye [preauth]
Jul 14 10:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Disconnected from 79.104.0.82 port 36704 [preauth]
Jul 14 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7972]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8034]: Successful su for rubyman by root
Jul 14 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8034]: + ??? root:rubyman
Jul 14 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783757 of user rubyman.
Jul 14 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8034]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783757.
Jul 14 10:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4637]: pam_unix(cron:session): session closed for user root
Jul 14 10:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7973]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Failed password for root from 45.172.152.74 port 51976 ssh2
Jul 14 10:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Received disconnect from 45.172.152.74 port 51976:11: Bye Bye [preauth]
Jul 14 10:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Disconnected from 45.172.152.74 port 51976 [preauth]
Jul 14 10:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: Failed password for root from 103.20.96.172 port 60604 ssh2
Jul 14 10:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: Received disconnect from 103.20.96.172 port 60604:11: Bye Bye [preauth]
Jul 14 10:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: Disconnected from 103.20.96.172 port 60604 [preauth]
Jul 14 10:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8419]: Failed password for root from 102.23.122.235 port 4543 ssh2
Jul 14 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8419]: Received disconnect from 102.23.122.235 port 4543:11: Bye Bye [preauth]
Jul 14 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8419]: Disconnected from 102.23.122.235 port 4543 [preauth]
Jul 14 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8422]: Failed password for root from 159.223.37.230 port 52026 ssh2
Jul 14 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8422]: Received disconnect from 159.223.37.230 port 52026:11: Bye Bye [preauth]
Jul 14 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8422]: Disconnected from 159.223.37.230 port 52026 [preauth]
Jul 14 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8427]: Failed password for root from 14.225.220.202 port 40474 ssh2
Jul 14 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8427]: Received disconnect from 14.225.220.202 port 40474:11: Bye Bye [preauth]
Jul 14 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8427]: Disconnected from 14.225.220.202 port 40474 [preauth]
Jul 14 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6855]: pam_unix(cron:session): session closed for user root
Jul 14 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: Failed password for root from 75.102.141.123 port 42928 ssh2
Jul 14 10:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: Received disconnect from 75.102.141.123 port 42928:11: Bye Bye [preauth]
Jul 14 10:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: Disconnected from 75.102.141.123 port 42928 [preauth]
Jul 14 10:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8477]: Failed password for root from 156.224.139.145 port 40140 ssh2
Jul 14 10:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8477]: Received disconnect from 156.224.139.145 port 40140:11: Bye Bye [preauth]
Jul 14 10:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8477]: Disconnected from 156.224.139.145 port 40140 [preauth]
Jul 14 10:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: Failed password for root from 201.48.78.29 port 54078 ssh2
Jul 14 10:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: Received disconnect from 201.48.78.29 port 54078:11: Bye Bye [preauth]
Jul 14 10:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: Disconnected from 201.48.78.29 port 54078 [preauth]
Jul 14 10:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: Failed password for root from 79.104.0.82 port 35602 ssh2
Jul 14 10:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: Received disconnect from 79.104.0.82 port 35602:11: Bye Bye [preauth]
Jul 14 10:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: Disconnected from 79.104.0.82 port 35602 [preauth]
Jul 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8546]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8638]: Successful su for rubyman by root
Jul 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8638]: + ??? root:rubyman
Jul 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783759 of user rubyman.
Jul 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8638]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783759.
Jul 14 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5326]: pam_unix(cron:session): session closed for user root
Jul 14 10:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8547]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Failed password for root from 45.172.152.74 port 32964 ssh2
Jul 14 10:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Received disconnect from 45.172.152.74 port 32964:11: Bye Bye [preauth]
Jul 14 10:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Disconnected from 45.172.152.74 port 32964 [preauth]
Jul 14 10:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7412]: pam_unix(cron:session): session closed for user root
Jul 14 10:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Failed password for root from 156.224.139.145 port 39582 ssh2
Jul 14 10:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Received disconnect from 156.224.139.145 port 39582:11: Bye Bye [preauth]
Jul 14 10:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Disconnected from 156.224.139.145 port 39582 [preauth]
Jul 14 10:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Failed password for root from 75.102.141.123 port 57021 ssh2
Jul 14 10:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Received disconnect from 75.102.141.123 port 57021:11: Bye Bye [preauth]
Jul 14 10:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Disconnected from 75.102.141.123 port 57021 [preauth]
Jul 14 10:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: Failed password for root from 210.91.73.167 port 42146 ssh2
Jul 14 10:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: Received disconnect from 210.91.73.167 port 42146:11: Bye Bye [preauth]
Jul 14 10:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: Disconnected from 210.91.73.167 port 42146 [preauth]
Jul 14 10:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9029]: pam_unix(cron:session): session closed for user root
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9023]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9103]: Successful su for rubyman by root
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9103]: + ??? root:rubyman
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783763 of user rubyman.
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9103]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783763.
Jul 14 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: Failed password for root from 102.23.122.235 port 4544 ssh2
Jul 14 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: Received disconnect from 102.23.122.235 port 4544:11: Bye Bye [preauth]
Jul 14 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: Disconnected from 102.23.122.235 port 4544 [preauth]
Jul 14 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: Failed password for root from 79.104.0.82 port 34508 ssh2
Jul 14 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: Received disconnect from 79.104.0.82 port 34508:11: Bye Bye [preauth]
Jul 14 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: Disconnected from 79.104.0.82 port 34508 [preauth]
Jul 14 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9025]: pam_unix(cron:session): session closed for user root
Jul 14 10:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5915]: pam_unix(cron:session): session closed for user root
Jul 14 10:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9024]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9479]: Failed password for root from 201.48.78.29 port 54118 ssh2
Jul 14 10:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9479]: Received disconnect from 201.48.78.29 port 54118:11: Bye Bye [preauth]
Jul 14 10:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9479]: Disconnected from 201.48.78.29 port 54118 [preauth]
Jul 14 10:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7976]: pam_unix(cron:session): session closed for user root
Jul 14 10:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: fatal: Unable to negotiate with 114.67.80.147 port 53192: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 10:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9551]: fatal: Unable to negotiate with 114.67.80.147 port 53292: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 10:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: fatal: Unable to negotiate with 114.67.80.147 port 53469: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 10:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: fatal: Unable to negotiate with 114.67.80.147 port 53551: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 10:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: Failed password for root from 45.172.152.74 port 46248 ssh2
Jul 14 10:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: Received disconnect from 45.172.152.74 port 46248:11: Bye Bye [preauth]
Jul 14 10:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: Disconnected from 45.172.152.74 port 46248 [preauth]
Jul 14 10:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: Failed password for root from 14.225.220.202 port 54522 ssh2
Jul 14 10:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: Received disconnect from 14.225.220.202 port 54522:11: Bye Bye [preauth]
Jul 14 10:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: Disconnected from 14.225.220.202 port 54522 [preauth]
Jul 14 10:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Failed password for root from 159.223.37.230 port 42424 ssh2
Jul 14 10:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Received disconnect from 159.223.37.230 port 42424:11: Bye Bye [preauth]
Jul 14 10:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Disconnected from 159.223.37.230 port 42424 [preauth]
Jul 14 10:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Failed password for root from 103.20.96.172 port 57436 ssh2
Jul 14 10:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Received disconnect from 103.20.96.172 port 57436:11: Bye Bye [preauth]
Jul 14 10:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Disconnected from 103.20.96.172 port 57436 [preauth]
Jul 14 10:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9614]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9696]: Successful su for rubyman by root
Jul 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9696]: + ??? root:rubyman
Jul 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783771 of user rubyman.
Jul 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9696]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783771.
Jul 14 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Failed password for root from 156.224.139.145 port 39022 ssh2
Jul 14 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Received disconnect from 156.224.139.145 port 39022:11: Bye Bye [preauth]
Jul 14 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Disconnected from 156.224.139.145 port 39022 [preauth]
Jul 14 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Invalid user system from 193.32.162.141
Jul 14 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: input_userauth_request: invalid user system [preauth]
Jul 14 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Failed password for invalid user system from 193.32.162.141 port 34118 ssh2
Jul 14 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Connection closed by 193.32.162.141 port 34118 [preauth]
Jul 14 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6379]: pam_unix(cron:session): session closed for user root
Jul 14 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9616]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: Failed password for root from 75.102.141.123 port 42892 ssh2
Jul 14 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: Received disconnect from 75.102.141.123 port 42892:11: Bye Bye [preauth]
Jul 14 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: Disconnected from 75.102.141.123 port 42892 [preauth]
Jul 14 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: Failed password for root from 79.104.0.82 port 33416 ssh2
Jul 14 10:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: Received disconnect from 79.104.0.82 port 33416:11: Bye Bye [preauth]
Jul 14 10:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: Disconnected from 79.104.0.82 port 33416 [preauth]
Jul 14 10:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: Failed password for root from 210.91.73.167 port 42610 ssh2
Jul 14 10:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: Received disconnect from 210.91.73.167 port 42610:11: Bye Bye [preauth]
Jul 14 10:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: Disconnected from 210.91.73.167 port 42610 [preauth]
Jul 14 10:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8551]: pam_unix(cron:session): session closed for user root
Jul 14 10:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9972]: Failed password for root from 160.191.89.82 port 49006 ssh2
Jul 14 10:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9972]: Received disconnect from 160.191.89.82 port 49006:11: Bye Bye [preauth]
Jul 14 10:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9972]: Disconnected from 160.191.89.82 port 49006 [preauth]
Jul 14 10:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9989]: Failed password for root from 102.23.122.235 port 4545 ssh2
Jul 14 10:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9989]: Received disconnect from 102.23.122.235 port 4545:11: Bye Bye [preauth]
Jul 14 10:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9989]: Disconnected from 102.23.122.235 port 4545 [preauth]
Jul 14 10:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10051]: Failed password for root from 201.48.78.29 port 54170 ssh2
Jul 14 10:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10051]: Received disconnect from 201.48.78.29 port 54170:11: Bye Bye [preauth]
Jul 14 10:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10051]: Disconnected from 201.48.78.29 port 54170 [preauth]
Jul 14 10:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10074]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: Failed password for root from 45.172.152.74 port 43658 ssh2
Jul 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: Received disconnect from 45.172.152.74 port 43658:11: Bye Bye [preauth]
Jul 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: Disconnected from 45.172.152.74 port 43658 [preauth]
Jul 14 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10134]: Successful su for rubyman by root
Jul 14 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10134]: + ??? root:rubyman
Jul 14 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783775 of user rubyman.
Jul 14 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10134]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783775.
Jul 14 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session closed for user root
Jul 14 10:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10075]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: Failed password for root from 156.224.139.145 port 38470 ssh2
Jul 14 10:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: Received disconnect from 156.224.139.145 port 38470:11: Bye Bye [preauth]
Jul 14 10:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: Disconnected from 156.224.139.145 port 38470 [preauth]
Jul 14 10:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: Failed password for root from 159.223.37.230 port 49752 ssh2
Jul 14 10:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: Received disconnect from 159.223.37.230 port 49752:11: Bye Bye [preauth]
Jul 14 10:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: Disconnected from 159.223.37.230 port 49752 [preauth]
Jul 14 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10459]: Failed password for root from 14.225.220.202 port 52854 ssh2
Jul 14 10:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10459]: Received disconnect from 14.225.220.202 port 52854:11: Bye Bye [preauth]
Jul 14 10:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10459]: Disconnected from 14.225.220.202 port 52854 [preauth]
Jul 14 10:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10472]: Failed password for root from 75.102.141.123 port 56989 ssh2
Jul 14 10:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10472]: Received disconnect from 75.102.141.123 port 56989:11: Bye Bye [preauth]
Jul 14 10:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10472]: Disconnected from 75.102.141.123 port 56989 [preauth]
Jul 14 10:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Failed password for root from 79.104.0.82 port 60548 ssh2
Jul 14 10:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Received disconnect from 79.104.0.82 port 60548:11: Bye Bye [preauth]
Jul 14 10:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Disconnected from 79.104.0.82 port 60548 [preauth]
Jul 14 10:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10477]: Failed password for root from 103.20.96.172 port 32880 ssh2
Jul 14 10:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10477]: Received disconnect from 103.20.96.172 port 32880:11: Bye Bye [preauth]
Jul 14 10:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10477]: Disconnected from 103.20.96.172 port 32880 [preauth]
Jul 14 10:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9028]: pam_unix(cron:session): session closed for user root
Jul 14 10:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: Failed password for root from 210.91.73.167 port 41908 ssh2
Jul 14 10:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: Received disconnect from 210.91.73.167 port 41908:11: Bye Bye [preauth]
Jul 14 10:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: Disconnected from 210.91.73.167 port 41908 [preauth]
Jul 14 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10607]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10711]: Successful su for rubyman by root
Jul 14 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10711]: + ??? root:rubyman
Jul 14 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783777 of user rubyman.
Jul 14 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10711]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783777.
Jul 14 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session closed for user root
Jul 14 10:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10609]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Failed password for root from 102.23.122.235 port 4546 ssh2
Jul 14 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Received disconnect from 102.23.122.235 port 4546:11: Bye Bye [preauth]
Jul 14 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Disconnected from 102.23.122.235 port 4546 [preauth]
Jul 14 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: Failed password for root from 45.172.152.74 port 36500 ssh2
Jul 14 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: Received disconnect from 45.172.152.74 port 36500:11: Bye Bye [preauth]
Jul 14 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: Disconnected from 45.172.152.74 port 36500 [preauth]
Jul 14 10:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Failed password for root from 156.224.139.145 port 37906 ssh2
Jul 14 10:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Received disconnect from 156.224.139.145 port 37906:11: Bye Bye [preauth]
Jul 14 10:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Disconnected from 156.224.139.145 port 37906 [preauth]
Jul 14 10:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Failed password for root from 201.48.78.29 port 54226 ssh2
Jul 14 10:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Received disconnect from 201.48.78.29 port 54226:11: Bye Bye [preauth]
Jul 14 10:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Disconnected from 201.48.78.29 port 54226 [preauth]
Jul 14 10:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: Failed password for root from 79.104.0.82 port 59448 ssh2
Jul 14 10:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: Received disconnect from 79.104.0.82 port 59448:11: Bye Bye [preauth]
Jul 14 10:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: Disconnected from 79.104.0.82 port 59448 [preauth]
Jul 14 10:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9618]: pam_unix(cron:session): session closed for user root
Jul 14 10:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: Failed password for root from 159.223.37.230 port 41560 ssh2
Jul 14 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: Received disconnect from 159.223.37.230 port 41560:11: Bye Bye [preauth]
Jul 14 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: Disconnected from 159.223.37.230 port 41560 [preauth]
Jul 14 10:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: Failed password for root from 75.102.141.123 port 42858 ssh2
Jul 14 10:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: Received disconnect from 75.102.141.123 port 42858:11: Bye Bye [preauth]
Jul 14 10:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: Disconnected from 75.102.141.123 port 42858 [preauth]
Jul 14 10:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11028]: Failed password for root from 14.225.220.202 port 46158 ssh2
Jul 14 10:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11028]: Received disconnect from 14.225.220.202 port 46158:11: Bye Bye [preauth]
Jul 14 10:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11028]: Disconnected from 14.225.220.202 port 46158 [preauth]
Jul 14 10:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: Failed password for root from 103.20.96.172 port 36872 ssh2
Jul 14 10:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: Received disconnect from 103.20.96.172 port 36872:11: Bye Bye [preauth]
Jul 14 10:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: Disconnected from 103.20.96.172 port 36872 [preauth]
Jul 14 10:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11087]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: Failed password for root from 103.47.135.113 port 41274 ssh2
Jul 14 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: Received disconnect from 103.47.135.113 port 41274:11: Bye Bye [preauth]
Jul 14 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: Disconnected from 103.47.135.113 port 41274 [preauth]
Jul 14 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11152]: Successful su for rubyman by root
Jul 14 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11152]: + ??? root:rubyman
Jul 14 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783782 of user rubyman.
Jul 14 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11152]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783782.
Jul 14 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7974]: pam_unix(cron:session): session closed for user root
Jul 14 10:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11088]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: Failed password for root from 210.91.73.167 port 41206 ssh2
Jul 14 10:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: Received disconnect from 210.91.73.167 port 41206:11: Bye Bye [preauth]
Jul 14 10:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: Disconnected from 210.91.73.167 port 41206 [preauth]
Jul 14 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.211.132.103  user=root
Jul 14 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: Failed password for root from 8.211.132.103 port 57704 ssh2
Jul 14 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Failed password for root from 45.172.152.74 port 35330 ssh2
Jul 14 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: Received disconnect from 8.211.132.103 port 57704:11: Bye Bye [preauth]
Jul 14 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: Disconnected from 8.211.132.103 port 57704 [preauth]
Jul 14 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Received disconnect from 45.172.152.74 port 35330:11: Bye Bye [preauth]
Jul 14 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Disconnected from 45.172.152.74 port 35330 [preauth]
Jul 14 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Failed password for root from 156.224.139.145 port 37348 ssh2
Jul 14 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Received disconnect from 156.224.139.145 port 37348:11: Bye Bye [preauth]
Jul 14 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Disconnected from 156.224.139.145 port 37348 [preauth]
Jul 14 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10078]: pam_unix(cron:session): session closed for user root
Jul 14 10:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: Failed password for root from 79.104.0.82 port 58356 ssh2
Jul 14 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: Received disconnect from 79.104.0.82 port 58356:11: Bye Bye [preauth]
Jul 14 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: Disconnected from 79.104.0.82 port 58356 [preauth]
Jul 14 10:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Failed password for root from 102.23.122.235 port 4547 ssh2
Jul 14 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Received disconnect from 102.23.122.235 port 4547:11: Bye Bye [preauth]
Jul 14 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Disconnected from 102.23.122.235 port 4547 [preauth]
Jul 14 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Failed password for root from 75.102.141.123 port 56962 ssh2
Jul 14 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Received disconnect from 75.102.141.123 port 56962:11: Bye Bye [preauth]
Jul 14 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Disconnected from 75.102.141.123 port 56962 [preauth]
Jul 14 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: Failed password for root from 159.223.37.230 port 52930 ssh2
Jul 14 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: Received disconnect from 159.223.37.230 port 52930:11: Bye Bye [preauth]
Jul 14 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: Disconnected from 159.223.37.230 port 52930 [preauth]
Jul 14 10:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: Failed password for root from 201.48.78.29 port 54274 ssh2
Jul 14 10:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: Received disconnect from 201.48.78.29 port 54274:11: Bye Bye [preauth]
Jul 14 10:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: Disconnected from 201.48.78.29 port 54274 [preauth]
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11520]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11521]: pam_unix(cron:session): session closed for user root
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11516]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11591]: Successful su for rubyman by root
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11591]: + ??? root:rubyman
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783786 of user rubyman.
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11591]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783786.
Jul 14 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11518]: pam_unix(cron:session): session closed for user root
Jul 14 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8550]: pam_unix(cron:session): session closed for user root
Jul 14 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Failed password for root from 14.225.220.202 port 55940 ssh2
Jul 14 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Received disconnect from 14.225.220.202 port 55940:11: Bye Bye [preauth]
Jul 14 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Disconnected from 14.225.220.202 port 55940 [preauth]
Jul 14 10:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11517]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: Failed password for root from 103.20.96.172 port 49696 ssh2
Jul 14 10:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: Received disconnect from 103.20.96.172 port 49696:11: Bye Bye [preauth]
Jul 14 10:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: Disconnected from 103.20.96.172 port 49696 [preauth]
Jul 14 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Failed password for root from 195.190.104.66 port 46696 ssh2
Jul 14 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Received disconnect from 195.190.104.66 port 46696:11: Bye Bye [preauth]
Jul 14 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Disconnected from 195.190.104.66 port 46696 [preauth]
Jul 14 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session closed for user root
Jul 14 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11915]: Failed password for root from 45.172.152.74 port 45638 ssh2
Jul 14 10:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11915]: Received disconnect from 45.172.152.74 port 45638:11: Bye Bye [preauth]
Jul 14 10:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11915]: Disconnected from 45.172.152.74 port 45638 [preauth]
Jul 14 10:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: Failed password for root from 156.224.139.145 port 36794 ssh2
Jul 14 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: Received disconnect from 156.224.139.145 port 36794:11: Bye Bye [preauth]
Jul 14 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: Disconnected from 156.224.139.145 port 36794 [preauth]
Jul 14 10:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Failed password for root from 210.91.73.167 port 40514 ssh2
Jul 14 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Received disconnect from 210.91.73.167 port 40514:11: Bye Bye [preauth]
Jul 14 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Disconnected from 210.91.73.167 port 40514 [preauth]
Jul 14 10:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Failed password for root from 79.104.0.82 port 57258 ssh2
Jul 14 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Received disconnect from 79.104.0.82 port 57258:11: Bye Bye [preauth]
Jul 14 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Disconnected from 79.104.0.82 port 57258 [preauth]
Jul 14 10:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11968]: Failed password for root from 102.210.80.6 port 59509 ssh2
Jul 14 10:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11968]: Received disconnect from 102.210.80.6 port 59509:11: Bye Bye [preauth]
Jul 14 10:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11968]: Disconnected from 102.210.80.6 port 59509 [preauth]
Jul 14 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11987]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12060]: Successful su for rubyman by root
Jul 14 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12060]: + ??? root:rubyman
Jul 14 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783792 of user rubyman.
Jul 14 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12060]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783792.
Jul 14 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9026]: pam_unix(cron:session): session closed for user root
Jul 14 10:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11988]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12243]: Failed password for root from 75.102.141.123 port 42821 ssh2
Jul 14 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12243]: Received disconnect from 75.102.141.123 port 42821:11: Bye Bye [preauth]
Jul 14 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12243]: Disconnected from 75.102.141.123 port 42821 [preauth]
Jul 14 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Failed password for root from 159.223.37.230 port 42404 ssh2
Jul 14 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Received disconnect from 159.223.37.230 port 42404:11: Bye Bye [preauth]
Jul 14 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Disconnected from 159.223.37.230 port 42404 [preauth]
Jul 14 10:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: Failed password for root from 102.23.122.235 port 4548 ssh2
Jul 14 10:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: Received disconnect from 102.23.122.235 port 4548:11: Bye Bye [preauth]
Jul 14 10:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: Disconnected from 102.23.122.235 port 4548 [preauth]
Jul 14 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12341]: Failed password for root from 14.225.220.202 port 55440 ssh2
Jul 14 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12341]: Received disconnect from 14.225.220.202 port 55440:11: Bye Bye [preauth]
Jul 14 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12341]: Disconnected from 14.225.220.202 port 55440 [preauth]
Jul 14 10:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12343]: Failed password for root from 201.48.78.29 port 54330 ssh2
Jul 14 10:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12343]: Received disconnect from 201.48.78.29 port 54330:11: Bye Bye [preauth]
Jul 14 10:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12343]: Disconnected from 201.48.78.29 port 54330 [preauth]
Jul 14 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11090]: pam_unix(cron:session): session closed for user root
Jul 14 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Failed password for root from 45.172.152.74 port 49182 ssh2
Jul 14 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12422]: Failed password for root from 103.20.96.172 port 59388 ssh2
Jul 14 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Received disconnect from 45.172.152.74 port 49182:11: Bye Bye [preauth]
Jul 14 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Disconnected from 45.172.152.74 port 49182 [preauth]
Jul 14 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12422]: Received disconnect from 103.20.96.172 port 59388:11: Bye Bye [preauth]
Jul 14 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12422]: Disconnected from 103.20.96.172 port 59388 [preauth]
Jul 14 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: Failed password for root from 156.224.139.145 port 36240 ssh2
Jul 14 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: Received disconnect from 156.224.139.145 port 36240:11: Bye Bye [preauth]
Jul 14 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: Disconnected from 156.224.139.145 port 36240 [preauth]
Jul 14 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.211.141.1  user=root
Jul 14 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: Failed password for root from 8.211.141.1 port 55088 ssh2
Jul 14 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: Received disconnect from 8.211.141.1 port 55088:11: Bye Bye [preauth]
Jul 14 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: Disconnected from 8.211.141.1 port 55088 [preauth]
Jul 14 10:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Failed password for root from 103.171.84.217 port 33858 ssh2
Jul 14 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Received disconnect from 103.171.84.217 port 33858:11: Bye Bye [preauth]
Jul 14 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Disconnected from 103.171.84.217 port 33858 [preauth]
Jul 14 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12475]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12560]: Successful su for rubyman by root
Jul 14 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12560]: + ??? root:rubyman
Jul 14 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783796 of user rubyman.
Jul 14 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12560]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783796.
Jul 14 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: Failed password for root from 79.104.0.82 port 56166 ssh2
Jul 14 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: Received disconnect from 79.104.0.82 port 56166:11: Bye Bye [preauth]
Jul 14 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: Disconnected from 79.104.0.82 port 56166 [preauth]
Jul 14 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9617]: pam_unix(cron:session): session closed for user root
Jul 14 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12476]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: Failed password for root from 210.91.73.167 port 39826 ssh2
Jul 14 10:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: Received disconnect from 210.91.73.167 port 39826:11: Bye Bye [preauth]
Jul 14 10:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: Disconnected from 210.91.73.167 port 39826 [preauth]
Jul 14 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Failed password for root from 75.102.141.123 port 56919 ssh2
Jul 14 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Received disconnect from 75.102.141.123 port 56919:11: Bye Bye [preauth]
Jul 14 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Disconnected from 75.102.141.123 port 56919 [preauth]
Jul 14 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: Failed password for root from 159.223.37.230 port 45324 ssh2
Jul 14 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: Received disconnect from 159.223.37.230 port 45324:11: Bye Bye [preauth]
Jul 14 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: Disconnected from 159.223.37.230 port 45324 [preauth]
Jul 14 10:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.149.226  user=root
Jul 14 10:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Failed password for root from 176.65.149.226 port 34724 ssh2
Jul 14 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Connection closed by 176.65.149.226 port 34724 [preauth]
Jul 14 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.149.226  user=root
Jul 14 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11520]: pam_unix(cron:session): session closed for user root
Jul 14 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Failed password for root from 103.47.135.113 port 40112 ssh2
Jul 14 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Received disconnect from 103.47.135.113 port 40112:11: Bye Bye [preauth]
Jul 14 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Disconnected from 103.47.135.113 port 40112 [preauth]
Jul 14 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12865]: Failed password for root from 176.65.149.226 port 33992 ssh2
Jul 14 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12865]: Connection closed by 176.65.149.226 port 33992 [preauth]
Jul 14 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.149.226  user=root
Jul 14 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: Failed password for root from 176.65.149.226 port 42902 ssh2
Jul 14 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: Connection closed by 176.65.149.226 port 42902 [preauth]
Jul 14 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.149.226  user=root
Jul 14 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12891]: Failed password for root from 176.65.149.226 port 47726 ssh2
Jul 14 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12891]: Connection closed by 176.65.149.226 port 47726 [preauth]
Jul 14 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.149.226  user=root
Jul 14 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: Failed password for root from 176.65.149.226 port 58918 ssh2
Jul 14 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: Connection closed by 176.65.149.226 port 58918 [preauth]
Jul 14 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.149.226  user=root
Jul 14 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: Failed password for root from 14.225.220.202 port 45878 ssh2
Jul 14 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: Received disconnect from 14.225.220.202 port 45878:11: Bye Bye [preauth]
Jul 14 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: Disconnected from 14.225.220.202 port 45878 [preauth]
Jul 14 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12936]: Failed password for root from 195.190.104.66 port 55980 ssh2
Jul 14 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12936]: Received disconnect from 195.190.104.66 port 55980:11: Bye Bye [preauth]
Jul 14 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12936]: Disconnected from 195.190.104.66 port 55980 [preauth]
Jul 14 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: Failed password for root from 176.65.149.226 port 35992 ssh2
Jul 14 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.149.226  user=root
Jul 14 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: Failed password for root from 102.23.122.235 port 4549 ssh2
Jul 14 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: Connection closed by 176.65.149.226 port 35992 [preauth]
Jul 14 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: Received disconnect from 102.23.122.235 port 4549:11: Bye Bye [preauth]
Jul 14 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: Disconnected from 102.23.122.235 port 4549 [preauth]
Jul 14 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Failed password for root from 176.65.149.226 port 56926 ssh2
Jul 14 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Connection closed by 176.65.149.226 port 56926 [preauth]
Jul 14 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: Failed password for root from 156.224.139.145 port 35678 ssh2
Jul 14 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: Received disconnect from 156.224.139.145 port 35678:11: Bye Bye [preauth]
Jul 14 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: Disconnected from 156.224.139.145 port 35678 [preauth]
Jul 14 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.149.226  user=root
Jul 14 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: Failed password for root from 176.65.149.226 port 34848 ssh2
Jul 14 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: Connection closed by 176.65.149.226 port 34848 [preauth]
Jul 14 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Failed password for root from 45.172.152.74 port 57256 ssh2
Jul 14 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Received disconnect from 45.172.152.74 port 57256:11: Bye Bye [preauth]
Jul 14 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Disconnected from 45.172.152.74 port 57256 [preauth]
Jul 14 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12987]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13071]: Successful su for rubyman by root
Jul 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13071]: + ??? root:rubyman
Jul 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783800 of user rubyman.
Jul 14 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13071]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783800.
Jul 14 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.149.226  user=root
Jul 14 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: Failed password for root from 201.48.78.29 port 54378 ssh2
Jul 14 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: Received disconnect from 201.48.78.29 port 54378:11: Bye Bye [preauth]
Jul 14 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: Disconnected from 201.48.78.29 port 54378 [preauth]
Jul 14 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Failed password for root from 176.65.149.226 port 57252 ssh2
Jul 14 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Connection closed by 176.65.149.226 port 57252 [preauth]
Jul 14 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: Failed password for root from 160.191.89.82 port 54268 ssh2
Jul 14 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: Received disconnect from 160.191.89.82 port 54268:11: Bye Bye [preauth]
Jul 14 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: Disconnected from 160.191.89.82 port 54268 [preauth]
Jul 14 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10076]: pam_unix(cron:session): session closed for user root
Jul 14 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12988]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Failed password for root from 79.104.0.82 port 55064 ssh2
Jul 14 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Received disconnect from 79.104.0.82 port 55064:11: Bye Bye [preauth]
Jul 14 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Disconnected from 79.104.0.82 port 55064 [preauth]
Jul 14 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13284]: Failed password for root from 103.20.96.172 port 53828 ssh2
Jul 14 10:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13284]: Received disconnect from 103.20.96.172 port 53828:11: Bye Bye [preauth]
Jul 14 10:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13284]: Disconnected from 103.20.96.172 port 53828 [preauth]
Jul 14 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11990]: pam_unix(cron:session): session closed for user root
Jul 14 10:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: Failed password for root from 75.102.141.123 port 42792 ssh2
Jul 14 10:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: Received disconnect from 75.102.141.123 port 42792:11: Bye Bye [preauth]
Jul 14 10:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: Disconnected from 75.102.141.123 port 42792 [preauth]
Jul 14 10:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: Failed password for root from 159.223.37.230 port 40454 ssh2
Jul 14 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: Received disconnect from 159.223.37.230 port 40454:11: Bye Bye [preauth]
Jul 14 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: Disconnected from 159.223.37.230 port 40454 [preauth]
Jul 14 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: Failed password for root from 210.91.73.167 port 39134 ssh2
Jul 14 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: Received disconnect from 210.91.73.167 port 39134:11: Bye Bye [preauth]
Jul 14 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: Disconnected from 210.91.73.167 port 39134 [preauth]
Jul 14 10:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: Invalid user server from 193.32.162.141
Jul 14 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: input_userauth_request: invalid user server [preauth]
Jul 14 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: Failed password for invalid user server from 193.32.162.141 port 51466 ssh2
Jul 14 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: Connection closed by 193.32.162.141 port 51466 [preauth]
Jul 14 10:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: Failed password for root from 195.190.104.66 port 51844 ssh2
Jul 14 10:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Failed password for root from 103.47.135.113 port 44856 ssh2
Jul 14 10:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: Received disconnect from 195.190.104.66 port 51844:11: Bye Bye [preauth]
Jul 14 10:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: Disconnected from 195.190.104.66 port 51844 [preauth]
Jul 14 10:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Received disconnect from 103.47.135.113 port 44856:11: Bye Bye [preauth]
Jul 14 10:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Disconnected from 103.47.135.113 port 44856 [preauth]
Jul 14 10:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13550]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Failed password for root from 156.224.139.145 port 35116 ssh2
Jul 14 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Received disconnect from 156.224.139.145 port 35116:11: Bye Bye [preauth]
Jul 14 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Disconnected from 156.224.139.145 port 35116 [preauth]
Jul 14 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13621]: Successful su for rubyman by root
Jul 14 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13621]: + ??? root:rubyman
Jul 14 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783803 of user rubyman.
Jul 14 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13621]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783803.
Jul 14 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10610]: pam_unix(cron:session): session closed for user root
Jul 14 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: Failed password for root from 14.225.220.202 port 55154 ssh2
Jul 14 10:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: Received disconnect from 14.225.220.202 port 55154:11: Bye Bye [preauth]
Jul 14 10:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: Disconnected from 14.225.220.202 port 55154 [preauth]
Jul 14 10:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: Failed password for root from 45.172.152.74 port 33552 ssh2
Jul 14 10:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: Received disconnect from 45.172.152.74 port 33552:11: Bye Bye [preauth]
Jul 14 10:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: Disconnected from 45.172.152.74 port 33552 [preauth]
Jul 14 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13834]: Failed password for root from 79.104.0.82 port 53974 ssh2
Jul 14 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13834]: Received disconnect from 79.104.0.82 port 53974:11: Bye Bye [preauth]
Jul 14 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13834]: Disconnected from 79.104.0.82 port 53974 [preauth]
Jul 14 10:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13867]: Failed password for root from 102.23.122.235 port 4550 ssh2
Jul 14 10:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13867]: Received disconnect from 102.23.122.235 port 4550:11: Bye Bye [preauth]
Jul 14 10:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13867]: Disconnected from 102.23.122.235 port 4550 [preauth]
Jul 14 10:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29  user=root
Jul 14 10:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Failed password for root from 103.20.96.172 port 60026 ssh2
Jul 14 10:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Received disconnect from 103.20.96.172 port 60026:11: Bye Bye [preauth]
Jul 14 10:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Disconnected from 103.20.96.172 port 60026 [preauth]
Jul 14 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: Failed password for root from 201.48.78.29 port 54422 ssh2
Jul 14 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: Received disconnect from 201.48.78.29 port 54422:11: Bye Bye [preauth]
Jul 14 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: Disconnected from 201.48.78.29 port 54422 [preauth]
Jul 14 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12480]: pam_unix(cron:session): session closed for user root
Jul 14 10:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.102.141.123  user=root
Jul 14 10:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: Failed password for root from 103.171.84.217 port 59598 ssh2
Jul 14 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: Received disconnect from 103.171.84.217 port 59598:11: Bye Bye [preauth]
Jul 14 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: Disconnected from 103.171.84.217 port 59598 [preauth]
Jul 14 10:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13957]: Failed password for root from 75.102.141.123 port 56891 ssh2
Jul 14 10:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13957]: Received disconnect from 75.102.141.123 port 56891:11: Bye Bye [preauth]
Jul 14 10:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13957]: Disconnected from 75.102.141.123 port 56891 [preauth]
Jul 14 10:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13968]: Failed password for root from 159.223.37.230 port 53716 ssh2
Jul 14 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13968]: Received disconnect from 159.223.37.230 port 53716:11: Bye Bye [preauth]
Jul 14 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13968]: Disconnected from 159.223.37.230 port 53716 [preauth]
Jul 14 10:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: Failed password for root from 195.190.104.66 port 47712 ssh2
Jul 14 10:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: Received disconnect from 195.190.104.66 port 47712:11: Bye Bye [preauth]
Jul 14 10:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: Disconnected from 195.190.104.66 port 47712 [preauth]
Jul 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13998]: pam_unix(cron:session): session closed for user root
Jul 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13991]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14066]: Successful su for rubyman by root
Jul 14 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14066]: + ??? root:rubyman
Jul 14 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783811 of user rubyman.
Jul 14 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14066]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783811.
Jul 14 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13994]: pam_unix(cron:session): session closed for user root
Jul 14 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11089]: pam_unix(cron:session): session closed for user root
Jul 14 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: Failed password for root from 160.191.89.82 port 54424 ssh2
Jul 14 10:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: Received disconnect from 160.191.89.82 port 54424:11: Bye Bye [preauth]
Jul 14 10:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: Disconnected from 160.191.89.82 port 54424 [preauth]
Jul 14 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Failed password for root from 156.224.139.145 port 34558 ssh2
Jul 14 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Received disconnect from 156.224.139.145 port 34558:11: Bye Bye [preauth]
Jul 14 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Disconnected from 156.224.139.145 port 34558 [preauth]
Jul 14 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13992]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14284]: Failed password for root from 210.91.73.167 port 38442 ssh2
Jul 14 10:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14284]: Received disconnect from 210.91.73.167 port 38442:11: Bye Bye [preauth]
Jul 14 10:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14284]: Disconnected from 210.91.73.167 port 38442 [preauth]
Jul 14 10:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Failed password for root from 103.47.135.113 port 41888 ssh2
Jul 14 10:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Received disconnect from 103.47.135.113 port 41888:11: Bye Bye [preauth]
Jul 14 10:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Disconnected from 103.47.135.113 port 41888 [preauth]
Jul 14 10:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Failed password for root from 45.172.152.74 port 50970 ssh2
Jul 14 10:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Received disconnect from 45.172.152.74 port 50970:11: Bye Bye [preauth]
Jul 14 10:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Disconnected from 45.172.152.74 port 50970 [preauth]
Jul 14 10:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Failed password for root from 79.104.0.82 port 52872 ssh2
Jul 14 10:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Received disconnect from 79.104.0.82 port 52872:11: Bye Bye [preauth]
Jul 14 10:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Disconnected from 79.104.0.82 port 52872 [preauth]
Jul 14 10:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: Failed password for root from 14.225.220.202 port 47944 ssh2
Jul 14 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: Received disconnect from 14.225.220.202 port 47944:11: Bye Bye [preauth]
Jul 14 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: Disconnected from 14.225.220.202 port 47944 [preauth]
Jul 14 10:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12991]: pam_unix(cron:session): session closed for user root
Jul 14 10:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: Failed password for root from 103.20.96.172 port 43508 ssh2
Jul 14 10:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: Received disconnect from 103.20.96.172 port 43508:11: Bye Bye [preauth]
Jul 14 10:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: Disconnected from 103.20.96.172 port 43508 [preauth]
Jul 14 10:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14426]: Failed password for root from 102.23.122.235 port 4551 ssh2
Jul 14 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14426]: Received disconnect from 102.23.122.235 port 4551:11: Bye Bye [preauth]
Jul 14 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14426]: Disconnected from 102.23.122.235 port 4551 [preauth]
Jul 14 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Failed password for root from 195.190.104.66 port 43588 ssh2
Jul 14 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Received disconnect from 195.190.104.66 port 43588:11: Bye Bye [preauth]
Jul 14 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Disconnected from 195.190.104.66 port 43588 [preauth]
Jul 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14453]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14525]: Successful su for rubyman by root
Jul 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14525]: + ??? root:rubyman
Jul 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783815 of user rubyman.
Jul 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14525]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783815.
Jul 14 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11519]: pam_unix(cron:session): session closed for user root
Jul 14 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: Failed password for root from 159.223.37.230 port 59960 ssh2
Jul 14 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: Received disconnect from 159.223.37.230 port 59960:11: Bye Bye [preauth]
Jul 14 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: Disconnected from 159.223.37.230 port 59960 [preauth]
Jul 14 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14454]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14737]: Failed password for root from 156.224.139.145 port 33998 ssh2
Jul 14 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14737]: Received disconnect from 156.224.139.145 port 33998:11: Bye Bye [preauth]
Jul 14 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14737]: Disconnected from 156.224.139.145 port 33998 [preauth]
Jul 14 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: Failed password for root from 103.171.84.217 port 51150 ssh2
Jul 14 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: Received disconnect from 103.171.84.217 port 51150:11: Bye Bye [preauth]
Jul 14 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: Disconnected from 103.171.84.217 port 51150 [preauth]
Jul 14 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Failed password for root from 45.172.152.74 port 37640 ssh2
Jul 14 10:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Received disconnect from 45.172.152.74 port 37640:11: Bye Bye [preauth]
Jul 14 10:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Disconnected from 45.172.152.74 port 37640 [preauth]
Jul 14 10:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Failed password for root from 79.104.0.82 port 51774 ssh2
Jul 14 10:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Received disconnect from 79.104.0.82 port 51774:11: Bye Bye [preauth]
Jul 14 10:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Disconnected from 79.104.0.82 port 51774 [preauth]
Jul 14 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Failed password for root from 103.47.135.113 port 44292 ssh2
Jul 14 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Received disconnect from 103.47.135.113 port 44292:11: Bye Bye [preauth]
Jul 14 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Disconnected from 103.47.135.113 port 44292 [preauth]
Jul 14 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session closed for user root
Jul 14 10:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14835]: Failed password for root from 210.91.73.167 port 37748 ssh2
Jul 14 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14835]: Received disconnect from 210.91.73.167 port 37748:11: Bye Bye [preauth]
Jul 14 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14835]: Disconnected from 210.91.73.167 port 37748 [preauth]
Jul 14 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Failed password for root from 14.225.220.202 port 45732 ssh2
Jul 14 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Received disconnect from 14.225.220.202 port 45732:11: Bye Bye [preauth]
Jul 14 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Disconnected from 14.225.220.202 port 45732 [preauth]
Jul 14 10:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: Failed password for root from 195.190.104.66 port 39432 ssh2
Jul 14 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: Received disconnect from 195.190.104.66 port 39432:11: Bye Bye [preauth]
Jul 14 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: Disconnected from 195.190.104.66 port 39432 [preauth]
Jul 14 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14895]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14968]: Successful su for rubyman by root
Jul 14 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14968]: + ??? root:rubyman
Jul 14 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783817 of user rubyman.
Jul 14 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14968]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783817.
Jul 14 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11989]: pam_unix(cron:session): session closed for user root
Jul 14 10:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14896]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: Failed password for root from 103.20.96.172 port 51836 ssh2
Jul 14 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: Received disconnect from 103.20.96.172 port 51836:11: Bye Bye [preauth]
Jul 14 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: Disconnected from 103.20.96.172 port 51836 [preauth]
Jul 14 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: Failed password for root from 160.191.89.82 port 34372 ssh2
Jul 14 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: Received disconnect from 160.191.89.82 port 34372:11: Bye Bye [preauth]
Jul 14 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: Disconnected from 160.191.89.82 port 34372 [preauth]
Jul 14 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: Failed password for root from 159.223.37.230 port 54010 ssh2
Jul 14 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: Received disconnect from 159.223.37.230 port 54010:11: Bye Bye [preauth]
Jul 14 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: Disconnected from 159.223.37.230 port 54010 [preauth]
Jul 14 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Failed password for root from 156.224.139.145 port 33440 ssh2
Jul 14 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Received disconnect from 156.224.139.145 port 33440:11: Bye Bye [preauth]
Jul 14 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Disconnected from 156.224.139.145 port 33440 [preauth]
Jul 14 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Failed password for root from 102.23.122.235 port 4552 ssh2
Jul 14 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Received disconnect from 102.23.122.235 port 4552:11: Bye Bye [preauth]
Jul 14 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Disconnected from 102.23.122.235 port 4552 [preauth]
Jul 14 10:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: Failed password for root from 79.104.0.82 port 50674 ssh2
Jul 14 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: Received disconnect from 79.104.0.82 port 50674:11: Bye Bye [preauth]
Jul 14 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: Disconnected from 79.104.0.82 port 50674 [preauth]
Jul 14 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13997]: pam_unix(cron:session): session closed for user root
Jul 14 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Failed password for root from 45.172.152.74 port 55644 ssh2
Jul 14 10:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Received disconnect from 45.172.152.74 port 55644:11: Bye Bye [preauth]
Jul 14 10:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Disconnected from 45.172.152.74 port 55644 [preauth]
Jul 14 10:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: Failed password for root from 103.171.84.217 port 59506 ssh2
Jul 14 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: Received disconnect from 103.171.84.217 port 59506:11: Bye Bye [preauth]
Jul 14 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: Disconnected from 103.171.84.217 port 59506 [preauth]
Jul 14 10:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Failed password for root from 103.47.135.113 port 42662 ssh2
Jul 14 10:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Received disconnect from 103.47.135.113 port 42662:11: Bye Bye [preauth]
Jul 14 10:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Disconnected from 103.47.135.113 port 42662 [preauth]
Jul 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15328]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15394]: Successful su for rubyman by root
Jul 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15394]: + ??? root:rubyman
Jul 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783821 of user rubyman.
Jul 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15394]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783821.
Jul 14 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12479]: pam_unix(cron:session): session closed for user root
Jul 14 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15329]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Failed password for root from 14.225.220.202 port 50944 ssh2
Jul 14 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Received disconnect from 14.225.220.202 port 50944:11: Bye Bye [preauth]
Jul 14 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Disconnected from 14.225.220.202 port 50944 [preauth]
Jul 14 10:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Failed password for root from 210.91.73.167 port 37054 ssh2
Jul 14 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Received disconnect from 210.91.73.167 port 37054:11: Bye Bye [preauth]
Jul 14 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Disconnected from 210.91.73.167 port 37054 [preauth]
Jul 14 10:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Failed password for root from 195.190.104.66 port 35340 ssh2
Jul 14 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Received disconnect from 195.190.104.66 port 35340:11: Bye Bye [preauth]
Jul 14 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Disconnected from 195.190.104.66 port 35340 [preauth]
Jul 14 10:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: Failed password for root from 156.224.139.145 port 32884 ssh2
Jul 14 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: Received disconnect from 156.224.139.145 port 32884:11: Bye Bye [preauth]
Jul 14 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: Disconnected from 156.224.139.145 port 32884 [preauth]
Jul 14 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14456]: pam_unix(cron:session): session closed for user root
Jul 14 10:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: Failed password for root from 103.20.96.172 port 53396 ssh2
Jul 14 10:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: Received disconnect from 103.20.96.172 port 53396:11: Bye Bye [preauth]
Jul 14 10:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: Disconnected from 103.20.96.172 port 53396 [preauth]
Jul 14 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: Failed password for root from 79.104.0.82 port 49578 ssh2
Jul 14 10:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: Failed password for root from 159.223.37.230 port 53044 ssh2
Jul 14 10:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: Received disconnect from 79.104.0.82 port 49578:11: Bye Bye [preauth]
Jul 14 10:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: Disconnected from 79.104.0.82 port 49578 [preauth]
Jul 14 10:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: Received disconnect from 159.223.37.230 port 53044:11: Bye Bye [preauth]
Jul 14 10:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: Disconnected from 159.223.37.230 port 53044 [preauth]
Jul 14 10:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Failed password for root from 45.172.152.74 port 55142 ssh2
Jul 14 10:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Received disconnect from 45.172.152.74 port 55142:11: Bye Bye [preauth]
Jul 14 10:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Disconnected from 45.172.152.74 port 55142 [preauth]
Jul 14 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: Failed password for root from 102.23.122.235 port 4553 ssh2
Jul 14 10:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: Received disconnect from 102.23.122.235 port 4553:11: Bye Bye [preauth]
Jul 14 10:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: Disconnected from 102.23.122.235 port 4553 [preauth]
Jul 14 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15755]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15895]: Successful su for rubyman by root
Jul 14 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15895]: + ??? root:rubyman
Jul 14 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783825 of user rubyman.
Jul 14 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15895]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783825.
Jul 14 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15752]: pam_unix(cron:session): session closed for user root
Jul 14 10:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12989]: pam_unix(cron:session): session closed for user root
Jul 14 10:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15756]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: Failed password for root from 103.47.135.113 port 52042 ssh2
Jul 14 10:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: Received disconnect from 103.47.135.113 port 52042:11: Bye Bye [preauth]
Jul 14 10:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: Disconnected from 103.47.135.113 port 52042 [preauth]
Jul 14 10:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: Failed password for root from 195.190.104.66 port 59424 ssh2
Jul 14 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: Received disconnect from 195.190.104.66 port 59424:11: Bye Bye [preauth]
Jul 14 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: Disconnected from 195.190.104.66 port 59424 [preauth]
Jul 14 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: Failed password for root from 103.171.84.217 port 40238 ssh2
Jul 14 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: Received disconnect from 103.171.84.217 port 40238:11: Bye Bye [preauth]
Jul 14 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: Disconnected from 103.171.84.217 port 40238 [preauth]
Jul 14 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Failed password for root from 160.191.89.82 port 50266 ssh2
Jul 14 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Received disconnect from 160.191.89.82 port 50266:11: Bye Bye [preauth]
Jul 14 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Disconnected from 160.191.89.82 port 50266 [preauth]
Jul 14 10:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Failed password for root from 14.225.220.202 port 56348 ssh2
Jul 14 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Received disconnect from 14.225.220.202 port 56348:11: Bye Bye [preauth]
Jul 14 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Disconnected from 14.225.220.202 port 56348 [preauth]
Jul 14 10:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14902]: pam_unix(cron:session): session closed for user root
Jul 14 10:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Failed password for root from 210.91.73.167 port 36350 ssh2
Jul 14 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Received disconnect from 210.91.73.167 port 36350:11: Bye Bye [preauth]
Jul 14 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Disconnected from 210.91.73.167 port 36350 [preauth]
Jul 14 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: Failed password for root from 156.224.139.145 port 60564 ssh2
Jul 14 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: Received disconnect from 156.224.139.145 port 60564:11: Bye Bye [preauth]
Jul 14 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: Disconnected from 156.224.139.145 port 60564 [preauth]
Jul 14 10:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: Failed password for root from 79.104.0.82 port 48482 ssh2
Jul 14 10:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: Received disconnect from 79.104.0.82 port 48482:11: Bye Bye [preauth]
Jul 14 10:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: Disconnected from 79.104.0.82 port 48482 [preauth]
Jul 14 10:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: Failed password for root from 45.172.152.74 port 41206 ssh2
Jul 14 10:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: Received disconnect from 45.172.152.74 port 41206:11: Bye Bye [preauth]
Jul 14 10:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: Disconnected from 45.172.152.74 port 41206 [preauth]
Jul 14 10:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Failed password for root from 103.20.96.172 port 45930 ssh2
Jul 14 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Received disconnect from 103.20.96.172 port 45930:11: Bye Bye [preauth]
Jul 14 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Disconnected from 103.20.96.172 port 45930 [preauth]
Jul 14 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: Failed password for root from 159.223.37.230 port 50624 ssh2
Jul 14 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: Received disconnect from 159.223.37.230 port 50624:11: Bye Bye [preauth]
Jul 14 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: Disconnected from 159.223.37.230 port 50624 [preauth]
Jul 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16280]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16279]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16280]: pam_unix(cron:session): session closed for user root
Jul 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16275]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16344]: Successful su for rubyman by root
Jul 14 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16344]: + ??? root:rubyman
Jul 14 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783832 of user rubyman.
Jul 14 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16344]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783832.
Jul 14 10:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16277]: pam_unix(cron:session): session closed for user root
Jul 14 10:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session closed for user root
Jul 14 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16276]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Failed password for root from 195.190.104.66 port 55292 ssh2
Jul 14 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Received disconnect from 195.190.104.66 port 55292:11: Bye Bye [preauth]
Jul 14 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Disconnected from 195.190.104.66 port 55292 [preauth]
Jul 14 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: Failed password for root from 103.47.135.113 port 39818 ssh2
Jul 14 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: Received disconnect from 103.47.135.113 port 39818:11: Bye Bye [preauth]
Jul 14 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: Disconnected from 103.47.135.113 port 39818 [preauth]
Jul 14 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Failed password for root from 102.23.122.235 port 4554 ssh2
Jul 14 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Received disconnect from 102.23.122.235 port 4554:11: Bye Bye [preauth]
Jul 14 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Disconnected from 102.23.122.235 port 4554 [preauth]
Jul 14 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15331]: pam_unix(cron:session): session closed for user root
Jul 14 10:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: Failed password for root from 14.225.220.202 port 52426 ssh2
Jul 14 10:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: Received disconnect from 14.225.220.202 port 52426:11: Bye Bye [preauth]
Jul 14 10:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: Disconnected from 14.225.220.202 port 52426 [preauth]
Jul 14 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: Failed password for root from 103.171.84.217 port 35948 ssh2
Jul 14 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: Received disconnect from 103.171.84.217 port 35948:11: Bye Bye [preauth]
Jul 14 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: Disconnected from 103.171.84.217 port 35948 [preauth]
Jul 14 10:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: Failed password for root from 156.224.139.145 port 60008 ssh2
Jul 14 10:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: Received disconnect from 156.224.139.145 port 60008:11: Bye Bye [preauth]
Jul 14 10:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: Disconnected from 156.224.139.145 port 60008 [preauth]
Jul 14 10:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: Failed password for root from 79.104.0.82 port 47382 ssh2
Jul 14 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: Received disconnect from 79.104.0.82 port 47382:11: Bye Bye [preauth]
Jul 14 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: Disconnected from 79.104.0.82 port 47382 [preauth]
Jul 14 10:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16791]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16859]: Successful su for rubyman by root
Jul 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16859]: + ??? root:rubyman
Jul 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783836 of user rubyman.
Jul 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16859]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783836.
Jul 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: Failed password for root from 210.91.73.167 port 35652 ssh2
Jul 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: Received disconnect from 210.91.73.167 port 35652:11: Bye Bye [preauth]
Jul 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: Disconnected from 210.91.73.167 port 35652 [preauth]
Jul 14 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Connection closed by 58.213.151.125 port 40238 [preauth]
Jul 14 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13995]: pam_unix(cron:session): session closed for user root
Jul 14 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16792]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Failed password for root from 45.172.152.74 port 36146 ssh2
Jul 14 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Received disconnect from 45.172.152.74 port 36146:11: Bye Bye [preauth]
Jul 14 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Disconnected from 45.172.152.74 port 36146 [preauth]
Jul 14 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17031]: Failed password for root from 195.190.104.66 port 51172 ssh2
Jul 14 10:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17031]: Received disconnect from 195.190.104.66 port 51172:11: Bye Bye [preauth]
Jul 14 10:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17031]: Disconnected from 195.190.104.66 port 51172 [preauth]
Jul 14 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: Failed password for root from 159.223.37.230 port 35218 ssh2
Jul 14 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Failed password for root from 103.20.96.172 port 32930 ssh2
Jul 14 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: Received disconnect from 159.223.37.230 port 35218:11: Bye Bye [preauth]
Jul 14 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: Disconnected from 159.223.37.230 port 35218 [preauth]
Jul 14 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Received disconnect from 103.20.96.172 port 32930:11: Bye Bye [preauth]
Jul 14 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Disconnected from 103.20.96.172 port 32930 [preauth]
Jul 14 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17130]: Failed password for root from 160.191.89.82 port 60812 ssh2
Jul 14 10:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17130]: Received disconnect from 160.191.89.82 port 60812:11: Bye Bye [preauth]
Jul 14 10:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17130]: Disconnected from 160.191.89.82 port 60812 [preauth]
Jul 14 10:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: Invalid user server from 193.32.162.141
Jul 14 10:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: input_userauth_request: invalid user server [preauth]
Jul 14 10:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 10:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: Failed password for invalid user server from 193.32.162.141 port 40572 ssh2
Jul 14 10:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: Connection closed by 193.32.162.141 port 40572 [preauth]
Jul 14 10:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15758]: pam_unix(cron:session): session closed for user root
Jul 14 10:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: Failed password for root from 103.47.135.113 port 43704 ssh2
Jul 14 10:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: Received disconnect from 103.47.135.113 port 43704:11: Bye Bye [preauth]
Jul 14 10:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: Disconnected from 103.47.135.113 port 43704 [preauth]
Jul 14 10:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: Failed password for root from 102.23.122.235 port 4555 ssh2
Jul 14 10:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: Received disconnect from 102.23.122.235 port 4555:11: Bye Bye [preauth]
Jul 14 10:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: Disconnected from 102.23.122.235 port 4555 [preauth]
Jul 14 10:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.224.139.145  user=root
Jul 14 10:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17251]: Failed password for root from 156.224.139.145 port 59450 ssh2
Jul 14 10:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17251]: Received disconnect from 156.224.139.145 port 59450:11: Bye Bye [preauth]
Jul 14 10:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17251]: Disconnected from 156.224.139.145 port 59450 [preauth]
Jul 14 10:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.104.0.82  user=root
Jul 14 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17266]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17334]: Successful su for rubyman by root
Jul 14 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17334]: + ??? root:rubyman
Jul 14 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783840 of user rubyman.
Jul 14 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17334]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783840.
Jul 14 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Failed password for root from 79.104.0.82 port 46276 ssh2
Jul 14 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Received disconnect from 79.104.0.82 port 46276:11: Bye Bye [preauth]
Jul 14 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Disconnected from 79.104.0.82 port 46276 [preauth]
Jul 14 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Failed password for root from 195.190.104.66 port 47004 ssh2
Jul 14 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Received disconnect from 195.190.104.66 port 47004:11: Bye Bye [preauth]
Jul 14 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Disconnected from 195.190.104.66 port 47004 [preauth]
Jul 14 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14455]: pam_unix(cron:session): session closed for user root
Jul 14 10:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17268]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Failed password for root from 14.225.220.202 port 34338 ssh2
Jul 14 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Received disconnect from 14.225.220.202 port 34338:11: Bye Bye [preauth]
Jul 14 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Disconnected from 14.225.220.202 port 34338 [preauth]
Jul 14 10:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: Failed password for root from 103.171.84.217 port 40474 ssh2
Jul 14 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: Failed password for root from 45.172.152.74 port 39280 ssh2
Jul 14 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: Received disconnect from 45.172.152.74 port 39280:11: Bye Bye [preauth]
Jul 14 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: Disconnected from 45.172.152.74 port 39280 [preauth]
Jul 14 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: Received disconnect from 103.171.84.217 port 40474:11: Bye Bye [preauth]
Jul 14 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: Disconnected from 103.171.84.217 port 40474 [preauth]
Jul 14 10:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Failed password for root from 210.91.73.167 port 34954 ssh2
Jul 14 10:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Received disconnect from 210.91.73.167 port 34954:11: Bye Bye [preauth]
Jul 14 10:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Disconnected from 210.91.73.167 port 34954 [preauth]
Jul 14 10:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17616]: Failed password for root from 159.223.37.230 port 38686 ssh2
Jul 14 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17616]: Received disconnect from 159.223.37.230 port 38686:11: Bye Bye [preauth]
Jul 14 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17616]: Disconnected from 159.223.37.230 port 38686 [preauth]
Jul 14 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16279]: pam_unix(cron:session): session closed for user root
Jul 14 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17663]: Failed password for root from 103.20.96.172 port 53908 ssh2
Jul 14 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17663]: Received disconnect from 103.20.96.172 port 53908:11: Bye Bye [preauth]
Jul 14 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17663]: Disconnected from 103.20.96.172 port 53908 [preauth]
Jul 14 10:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17698]: Failed password for root from 103.47.135.113 port 57174 ssh2
Jul 14 10:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17698]: Received disconnect from 103.47.135.113 port 57174:11: Bye Bye [preauth]
Jul 14 10:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17698]: Disconnected from 103.47.135.113 port 57174 [preauth]
Jul 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17722]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17892]: Successful su for rubyman by root
Jul 14 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17892]: + ??? root:rubyman
Jul 14 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783844 of user rubyman.
Jul 14 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17892]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783844.
Jul 14 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: Failed password for root from 195.190.104.66 port 42870 ssh2
Jul 14 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: Received disconnect from 195.190.104.66 port 42870:11: Bye Bye [preauth]
Jul 14 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: Disconnected from 195.190.104.66 port 42870 [preauth]
Jul 14 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session closed for user root
Jul 14 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17723]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18142]: Failed password for root from 102.23.122.235 port 4556 ssh2
Jul 14 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18142]: Received disconnect from 102.23.122.235 port 4556:11: Bye Bye [preauth]
Jul 14 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18142]: Disconnected from 102.23.122.235 port 4556 [preauth]
Jul 14 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18166]: Failed password for root from 160.191.89.82 port 48514 ssh2
Jul 14 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18166]: Received disconnect from 160.191.89.82 port 48514:11: Bye Bye [preauth]
Jul 14 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18166]: Disconnected from 160.191.89.82 port 48514 [preauth]
Jul 14 10:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16794]: pam_unix(cron:session): session closed for user root
Jul 14 10:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Jul 14 10:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18177]: Failed password for root from 14.225.220.202 port 50784 ssh2
Jul 14 10:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18177]: Received disconnect from 14.225.220.202 port 50784:11: Bye Bye [preauth]
Jul 14 10:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18177]: Disconnected from 14.225.220.202 port 50784 [preauth]
Jul 14 10:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18179]: Failed password for root from 45.172.152.74 port 42306 ssh2
Jul 14 10:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18179]: Received disconnect from 45.172.152.74 port 42306:11: Bye Bye [preauth]
Jul 14 10:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18179]: Disconnected from 45.172.152.74 port 42306 [preauth]
Jul 14 10:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Failed password for root from 103.171.84.217 port 40040 ssh2
Jul 14 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Received disconnect from 103.171.84.217 port 40040:11: Bye Bye [preauth]
Jul 14 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Disconnected from 103.171.84.217 port 40040 [preauth]
Jul 14 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: Failed password for root from 159.223.37.230 port 46756 ssh2
Jul 14 10:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: Received disconnect from 159.223.37.230 port 46756:11: Bye Bye [preauth]
Jul 14 10:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: Disconnected from 159.223.37.230 port 46756 [preauth]
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18271]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18355]: Successful su for rubyman by root
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18355]: + ??? root:rubyman
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783848 of user rubyman.
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18355]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783848.
Jul 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: Failed password for root from 210.91.73.167 port 34258 ssh2
Jul 14 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: Received disconnect from 210.91.73.167 port 34258:11: Bye Bye [preauth]
Jul 14 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: Disconnected from 210.91.73.167 port 34258 [preauth]
Jul 14 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15330]: pam_unix(cron:session): session closed for user root
Jul 14 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: Failed password for root from 195.190.104.66 port 38732 ssh2
Jul 14 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: Received disconnect from 195.190.104.66 port 38732:11: Bye Bye [preauth]
Jul 14 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: Disconnected from 195.190.104.66 port 38732 [preauth]
Jul 14 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18272]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: Failed password for root from 103.47.135.113 port 39684 ssh2
Jul 14 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: Received disconnect from 103.47.135.113 port 39684:11: Bye Bye [preauth]
Jul 14 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: Disconnected from 103.47.135.113 port 39684 [preauth]
Jul 14 10:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18572]: Failed password for root from 103.20.96.172 port 43008 ssh2
Jul 14 10:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18572]: Received disconnect from 103.20.96.172 port 43008:11: Bye Bye [preauth]
Jul 14 10:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18572]: Disconnected from 103.20.96.172 port 43008 [preauth]
Jul 14 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session closed for user root
Jul 14 10:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18732]: pam_unix(cron:session): session closed for user root
Jul 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: Failed password for root from 14.225.220.202 port 53940 ssh2
Jul 14 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: Received disconnect from 14.225.220.202 port 53940:11: Bye Bye [preauth]
Jul 14 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: Disconnected from 14.225.220.202 port 53940 [preauth]
Jul 14 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18806]: Successful su for rubyman by root
Jul 14 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18806]: + ??? root:rubyman
Jul 14 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783856 of user rubyman.
Jul 14 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18806]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783856.
Jul 14 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for root from 102.23.122.235 port 4557 ssh2
Jul 14 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Received disconnect from 102.23.122.235 port 4557:11: Bye Bye [preauth]
Jul 14 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Disconnected from 102.23.122.235 port 4557 [preauth]
Jul 14 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18729]: pam_unix(cron:session): session closed for user root
Jul 14 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15757]: pam_unix(cron:session): session closed for user root
Jul 14 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18945]: Failed password for root from 195.190.104.66 port 34602 ssh2
Jul 14 10:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18945]: Received disconnect from 195.190.104.66 port 34602:11: Bye Bye [preauth]
Jul 14 10:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18945]: Disconnected from 195.190.104.66 port 34602 [preauth]
Jul 14 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18728]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: Failed password for root from 159.223.37.230 port 39108 ssh2
Jul 14 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: Received disconnect from 159.223.37.230 port 39108:11: Bye Bye [preauth]
Jul 14 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: Disconnected from 159.223.37.230 port 39108 [preauth]
Jul 14 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Failed password for root from 103.171.84.217 port 33798 ssh2
Jul 14 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Received disconnect from 103.171.84.217 port 33798:11: Bye Bye [preauth]
Jul 14 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Disconnected from 103.171.84.217 port 33798 [preauth]
Jul 14 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: Failed password for root from 103.47.135.113 port 37144 ssh2
Jul 14 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: Failed password for root from 210.91.73.167 port 33564 ssh2
Jul 14 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: Received disconnect from 103.47.135.113 port 37144:11: Bye Bye [preauth]
Jul 14 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: Disconnected from 103.47.135.113 port 37144 [preauth]
Jul 14 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: Received disconnect from 210.91.73.167 port 33564:11: Bye Bye [preauth]
Jul 14 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: Disconnected from 210.91.73.167 port 33564 [preauth]
Jul 14 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17725]: pam_unix(cron:session): session closed for user root
Jul 14 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: Failed password for root from 160.191.89.82 port 47794 ssh2
Jul 14 10:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: Received disconnect from 160.191.89.82 port 47794:11: Bye Bye [preauth]
Jul 14 10:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: Disconnected from 160.191.89.82 port 47794 [preauth]
Jul 14 10:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: Failed password for root from 103.20.96.172 port 33018 ssh2
Jul 14 10:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: Received disconnect from 103.20.96.172 port 33018:11: Bye Bye [preauth]
Jul 14 10:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: Disconnected from 103.20.96.172 port 33018 [preauth]
Jul 14 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19192]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19270]: Successful su for rubyman by root
Jul 14 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19270]: + ??? root:rubyman
Jul 14 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783860 of user rubyman.
Jul 14 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19270]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783860.
Jul 14 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16278]: pam_unix(cron:session): session closed for user root
Jul 14 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19193]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Failed password for root from 195.190.104.66 port 58708 ssh2
Jul 14 10:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Received disconnect from 195.190.104.66 port 58708:11: Bye Bye [preauth]
Jul 14 10:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Disconnected from 195.190.104.66 port 58708 [preauth]
Jul 14 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19508]: Failed password for root from 14.225.220.202 port 48018 ssh2
Jul 14 10:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19508]: Received disconnect from 14.225.220.202 port 48018:11: Bye Bye [preauth]
Jul 14 10:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19508]: Disconnected from 14.225.220.202 port 48018 [preauth]
Jul 14 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18274]: pam_unix(cron:session): session closed for user root
Jul 14 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19543]: Failed password for root from 159.223.37.230 port 52806 ssh2
Jul 14 10:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19543]: Received disconnect from 159.223.37.230 port 52806:11: Bye Bye [preauth]
Jul 14 10:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19543]: Disconnected from 159.223.37.230 port 52806 [preauth]
Jul 14 10:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: Failed password for root from 102.23.122.235 port 4558 ssh2
Jul 14 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: Received disconnect from 102.23.122.235 port 4558:11: Bye Bye [preauth]
Jul 14 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: Disconnected from 102.23.122.235 port 4558 [preauth]
Jul 14 10:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19596]: Failed password for root from 103.47.135.113 port 47628 ssh2
Jul 14 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19596]: Received disconnect from 103.47.135.113 port 47628:11: Bye Bye [preauth]
Jul 14 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19596]: Disconnected from 103.47.135.113 port 47628 [preauth]
Jul 14 10:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19619]: Failed password for root from 103.171.84.217 port 47958 ssh2
Jul 14 10:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19619]: Received disconnect from 103.171.84.217 port 47958:11: Bye Bye [preauth]
Jul 14 10:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19619]: Disconnected from 103.171.84.217 port 47958 [preauth]
Jul 14 10:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19633]: Failed password for root from 210.91.73.167 port 32874 ssh2
Jul 14 10:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19633]: Received disconnect from 210.91.73.167 port 32874:11: Bye Bye [preauth]
Jul 14 10:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19633]: Disconnected from 210.91.73.167 port 32874 [preauth]
Jul 14 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19649]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19726]: Successful su for rubyman by root
Jul 14 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19726]: + ??? root:rubyman
Jul 14 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783864 of user rubyman.
Jul 14 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19726]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783864.
Jul 14 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16793]: pam_unix(cron:session): session closed for user root
Jul 14 10:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19650]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: Failed password for root from 103.20.96.172 port 41238 ssh2
Jul 14 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: Received disconnect from 103.20.96.172 port 41238:11: Bye Bye [preauth]
Jul 14 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: Disconnected from 103.20.96.172 port 41238 [preauth]
Jul 14 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: Failed password for root from 195.190.104.66 port 54580 ssh2
Jul 14 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: Received disconnect from 195.190.104.66 port 54580:11: Bye Bye [preauth]
Jul 14 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: Disconnected from 195.190.104.66 port 54580 [preauth]
Jul 14 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18731]: pam_unix(cron:session): session closed for user root
Jul 14 10:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20039]: Failed password for root from 160.191.89.82 port 42322 ssh2
Jul 14 10:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20039]: Received disconnect from 160.191.89.82 port 42322:11: Bye Bye [preauth]
Jul 14 10:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20039]: Disconnected from 160.191.89.82 port 42322 [preauth]
Jul 14 10:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Failed password for root from 14.225.220.202 port 48088 ssh2
Jul 14 10:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Received disconnect from 14.225.220.202 port 48088:11: Bye Bye [preauth]
Jul 14 10:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Disconnected from 14.225.220.202 port 48088 [preauth]
Jul 14 10:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: Failed password for root from 159.223.37.230 port 60274 ssh2
Jul 14 10:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: Received disconnect from 159.223.37.230 port 60274:11: Bye Bye [preauth]
Jul 14 10:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: Disconnected from 159.223.37.230 port 60274 [preauth]
Jul 14 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20098]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20097]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20161]: Successful su for rubyman by root
Jul 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20161]: + ??? root:rubyman
Jul 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783867 of user rubyman.
Jul 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20161]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783867.
Jul 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20184]: Failed password for root from 103.47.135.113 port 56976 ssh2
Jul 14 10:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20184]: Received disconnect from 103.47.135.113 port 56976:11: Bye Bye [preauth]
Jul 14 10:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20184]: Disconnected from 103.47.135.113 port 56976 [preauth]
Jul 14 10:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17270]: pam_unix(cron:session): session closed for user root
Jul 14 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20098]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20326]: Failed password for root from 102.23.122.235 port 4559 ssh2
Jul 14 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20326]: Received disconnect from 102.23.122.235 port 4559:11: Bye Bye [preauth]
Jul 14 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20326]: Disconnected from 102.23.122.235 port 4559 [preauth]
Jul 14 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: Failed password for root from 195.190.104.66 port 50444 ssh2
Jul 14 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: Received disconnect from 195.190.104.66 port 50444:11: Bye Bye [preauth]
Jul 14 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: Disconnected from 195.190.104.66 port 50444 [preauth]
Jul 14 10:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20385]: Failed password for root from 103.171.84.217 port 54806 ssh2
Jul 14 10:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20385]: Received disconnect from 103.171.84.217 port 54806:11: Bye Bye [preauth]
Jul 14 10:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20385]: Disconnected from 103.171.84.217 port 54806 [preauth]
Jul 14 10:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: Failed password for root from 210.91.73.167 port 60410 ssh2
Jul 14 10:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: Received disconnect from 210.91.73.167 port 60410:11: Bye Bye [preauth]
Jul 14 10:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: Disconnected from 210.91.73.167 port 60410 [preauth]
Jul 14 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Failed password for root from 103.20.96.172 port 33144 ssh2
Jul 14 10:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Received disconnect from 103.20.96.172 port 33144:11: Bye Bye [preauth]
Jul 14 10:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Disconnected from 103.20.96.172 port 33144 [preauth]
Jul 14 10:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19195]: pam_unix(cron:session): session closed for user root
Jul 14 10:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20527]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20591]: Successful su for rubyman by root
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20591]: + ??? root:rubyman
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783871 of user rubyman.
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20591]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783871.
Jul 14 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Failed password for root from 159.223.37.230 port 45694 ssh2
Jul 14 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Received disconnect from 159.223.37.230 port 45694:11: Bye Bye [preauth]
Jul 14 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Disconnected from 159.223.37.230 port 45694 [preauth]
Jul 14 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: Failed password for root from 14.225.220.202 port 42968 ssh2
Jul 14 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: Received disconnect from 14.225.220.202 port 42968:11: Bye Bye [preauth]
Jul 14 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: Disconnected from 14.225.220.202 port 42968 [preauth]
Jul 14 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17724]: pam_unix(cron:session): session closed for user root
Jul 14 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20768]: Invalid user picorv from 193.32.162.141
Jul 14 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20768]: input_userauth_request: invalid user picorv [preauth]
Jul 14 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20768]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.141
Jul 14 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20528]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20768]: Failed password for invalid user picorv from 193.32.162.141 port 57914 ssh2
Jul 14 10:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20768]: Connection closed by 193.32.162.141 port 57914 [preauth]
Jul 14 10:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Failed password for root from 195.190.104.66 port 46314 ssh2
Jul 14 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Received disconnect from 195.190.104.66 port 46314:11: Bye Bye [preauth]
Jul 14 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Disconnected from 195.190.104.66 port 46314 [preauth]
Jul 14 10:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20837]: Failed password for root from 103.47.135.113 port 52170 ssh2
Jul 14 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20837]: Received disconnect from 103.47.135.113 port 52170:11: Bye Bye [preauth]
Jul 14 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20837]: Disconnected from 103.47.135.113 port 52170 [preauth]
Jul 14 10:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19652]: pam_unix(cron:session): session closed for user root
Jul 14 10:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20912]: Failed password for root from 102.23.122.235 port 4560 ssh2
Jul 14 10:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20912]: Received disconnect from 102.23.122.235 port 4560:11: Bye Bye [preauth]
Jul 14 10:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20912]: Disconnected from 102.23.122.235 port 4560 [preauth]
Jul 14 10:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: Failed password for root from 160.191.89.82 port 51568 ssh2
Jul 14 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for root from 103.20.96.172 port 50624 ssh2
Jul 14 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: Received disconnect from 160.191.89.82 port 51568:11: Bye Bye [preauth]
Jul 14 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: Disconnected from 160.191.89.82 port 51568 [preauth]
Jul 14 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Received disconnect from 103.20.96.172 port 50624:11: Bye Bye [preauth]
Jul 14 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Disconnected from 103.20.96.172 port 50624 [preauth]
Jul 14 10:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: Failed password for root from 210.91.73.167 port 59710 ssh2
Jul 14 10:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: Received disconnect from 210.91.73.167 port 59710:11: Bye Bye [preauth]
Jul 14 10:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: Disconnected from 210.91.73.167 port 59710 [preauth]
Jul 14 10:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20959]: Failed password for root from 103.171.84.217 port 56944 ssh2
Jul 14 10:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20959]: Received disconnect from 103.171.84.217 port 56944:11: Bye Bye [preauth]
Jul 14 10:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20959]: Disconnected from 103.171.84.217 port 56944 [preauth]
Jul 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session closed for user root
Jul 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21038]: Successful su for rubyman by root
Jul 14 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21038]: + ??? root:rubyman
Jul 14 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783877 of user rubyman.
Jul 14 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21038]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783877.
Jul 14 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18273]: pam_unix(cron:session): session closed for user root
Jul 14 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20973]: pam_unix(cron:session): session closed for user root
Jul 14 10:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20972]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: Failed password for root from 195.190.104.66 port 42202 ssh2
Jul 14 10:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21330]: Failed password for root from 159.223.37.230 port 55658 ssh2
Jul 14 10:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: Received disconnect from 195.190.104.66 port 42202:11: Bye Bye [preauth]
Jul 14 10:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: Disconnected from 195.190.104.66 port 42202 [preauth]
Jul 14 10:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21330]: Received disconnect from 159.223.37.230 port 55658:11: Bye Bye [preauth]
Jul 14 10:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21330]: Disconnected from 159.223.37.230 port 55658 [preauth]
Jul 14 10:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: Failed password for root from 14.225.220.202 port 58258 ssh2
Jul 14 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: Received disconnect from 14.225.220.202 port 58258:11: Bye Bye [preauth]
Jul 14 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: Disconnected from 14.225.220.202 port 58258 [preauth]
Jul 14 10:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20100]: pam_unix(cron:session): session closed for user root
Jul 14 10:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: Failed password for root from 103.47.135.113 port 34002 ssh2
Jul 14 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: Received disconnect from 103.47.135.113 port 34002:11: Bye Bye [preauth]
Jul 14 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: Disconnected from 103.47.135.113 port 34002 [preauth]
Jul 14 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21526]: Successful su for rubyman by root
Jul 14 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21526]: + ??? root:rubyman
Jul 14 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783880 of user rubyman.
Jul 14 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21526]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783880.
Jul 14 10:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session closed for user root
Jul 14 10:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21456]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: Failed password for root from 103.20.96.172 port 55108 ssh2
Jul 14 10:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: Received disconnect from 103.20.96.172 port 55108:11: Bye Bye [preauth]
Jul 14 10:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: Disconnected from 103.20.96.172 port 55108 [preauth]
Jul 14 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22056]: Failed password for root from 195.190.104.66 port 38060 ssh2
Jul 14 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22056]: Received disconnect from 195.190.104.66 port 38060:11: Bye Bye [preauth]
Jul 14 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22056]: Disconnected from 195.190.104.66 port 38060 [preauth]
Jul 14 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Failed password for root from 102.23.122.235 port 4561 ssh2
Jul 14 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Received disconnect from 102.23.122.235 port 4561:11: Bye Bye [preauth]
Jul 14 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Disconnected from 102.23.122.235 port 4561 [preauth]
Jul 14 10:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Failed password for root from 210.91.73.167 port 59014 ssh2
Jul 14 10:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Received disconnect from 210.91.73.167 port 59014:11: Bye Bye [preauth]
Jul 14 10:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Disconnected from 210.91.73.167 port 59014 [preauth]
Jul 14 10:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: Failed password for root from 103.171.84.217 port 54920 ssh2
Jul 14 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: Received disconnect from 103.171.84.217 port 54920:11: Bye Bye [preauth]
Jul 14 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: Disconnected from 103.171.84.217 port 54920 [preauth]
Jul 14 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20531]: pam_unix(cron:session): session closed for user root
Jul 14 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: Failed password for root from 159.223.37.230 port 47220 ssh2
Jul 14 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: Received disconnect from 159.223.37.230 port 47220:11: Bye Bye [preauth]
Jul 14 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: Disconnected from 159.223.37.230 port 47220 [preauth]
Jul 14 10:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Failed password for root from 14.225.220.202 port 53518 ssh2
Jul 14 10:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Received disconnect from 14.225.220.202 port 53518:11: Bye Bye [preauth]
Jul 14 10:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Disconnected from 14.225.220.202 port 53518 [preauth]
Jul 14 10:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: Failed password for root from 160.191.89.82 port 47958 ssh2
Jul 14 10:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: Received disconnect from 160.191.89.82 port 47958:11: Bye Bye [preauth]
Jul 14 10:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: Disconnected from 160.191.89.82 port 47958 [preauth]
Jul 14 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22246]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22326]: Successful su for rubyman by root
Jul 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22326]: + ??? root:rubyman
Jul 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783885 of user rubyman.
Jul 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22326]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783885.
Jul 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19194]: pam_unix(cron:session): session closed for user root
Jul 14 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: Failed password for root from 103.47.135.113 port 41730 ssh2
Jul 14 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: Received disconnect from 103.47.135.113 port 41730:11: Bye Bye [preauth]
Jul 14 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: Disconnected from 103.47.135.113 port 41730 [preauth]
Jul 14 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: Failed password for root from 195.190.104.66 port 33914 ssh2
Jul 14 10:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: Received disconnect from 195.190.104.66 port 33914:11: Bye Bye [preauth]
Jul 14 10:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: Disconnected from 195.190.104.66 port 33914 [preauth]
Jul 14 10:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: Failed password for root from 103.20.96.172 port 34956 ssh2
Jul 14 10:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: Received disconnect from 103.20.96.172 port 34956:11: Bye Bye [preauth]
Jul 14 10:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: Disconnected from 103.20.96.172 port 34956 [preauth]
Jul 14 10:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session closed for user root
Jul 14 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Failed password for root from 159.223.37.230 port 33526 ssh2
Jul 14 10:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Received disconnect from 159.223.37.230 port 33526:11: Bye Bye [preauth]
Jul 14 10:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Disconnected from 159.223.37.230 port 33526 [preauth]
Jul 14 10:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: Failed password for root from 102.23.122.235 port 4562 ssh2
Jul 14 10:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: Received disconnect from 102.23.122.235 port 4562:11: Bye Bye [preauth]
Jul 14 10:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: Disconnected from 102.23.122.235 port 4562 [preauth]
Jul 14 10:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22720]: Failed password for root from 210.91.73.167 port 58326 ssh2
Jul 14 10:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22720]: Received disconnect from 210.91.73.167 port 58326:11: Bye Bye [preauth]
Jul 14 10:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22720]: Disconnected from 210.91.73.167 port 58326 [preauth]
Jul 14 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Failed password for root from 103.171.84.217 port 57556 ssh2
Jul 14 10:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Received disconnect from 103.171.84.217 port 57556:11: Bye Bye [preauth]
Jul 14 10:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Disconnected from 103.171.84.217 port 57556 [preauth]
Jul 14 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22748]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22745]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22824]: Successful su for rubyman by root
Jul 14 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22824]: + ??? root:rubyman
Jul 14 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783888 of user rubyman.
Jul 14 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22824]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783888.
Jul 14 10:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19651]: pam_unix(cron:session): session closed for user root
Jul 14 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Failed password for root from 14.225.220.202 port 50492 ssh2
Jul 14 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Received disconnect from 14.225.220.202 port 50492:11: Bye Bye [preauth]
Jul 14 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Disconnected from 14.225.220.202 port 50492 [preauth]
Jul 14 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22747]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: Failed password for root from 195.190.104.66 port 58006 ssh2
Jul 14 10:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: Received disconnect from 195.190.104.66 port 58006:11: Bye Bye [preauth]
Jul 14 10:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: Disconnected from 195.190.104.66 port 58006 [preauth]
Jul 14 10:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Failed password for root from 103.47.135.113 port 42082 ssh2
Jul 14 10:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Received disconnect from 103.47.135.113 port 42082:11: Bye Bye [preauth]
Jul 14 10:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Disconnected from 103.47.135.113 port 42082 [preauth]
Jul 14 10:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21458]: pam_unix(cron:session): session closed for user root
Jul 14 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23210]: Failed password for root from 103.20.96.172 port 51006 ssh2
Jul 14 10:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23210]: Received disconnect from 103.20.96.172 port 51006:11: Bye Bye [preauth]
Jul 14 10:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23210]: Disconnected from 103.20.96.172 port 51006 [preauth]
Jul 14 10:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23236]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23234]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: Failed password for root from 159.223.37.230 port 42968 ssh2
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: Received disconnect from 159.223.37.230 port 42968:11: Bye Bye [preauth]
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: Disconnected from 159.223.37.230 port 42968 [preauth]
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23293]: Successful su for rubyman by root
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23293]: + ??? root:rubyman
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783894 of user rubyman.
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23293]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783894.
Jul 14 10:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20099]: pam_unix(cron:session): session closed for user root
Jul 14 10:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23235]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: Failed password for root from 195.190.104.66 port 53864 ssh2
Jul 14 10:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: Received disconnect from 195.190.104.66 port 53864:11: Bye Bye [preauth]
Jul 14 10:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: Disconnected from 195.190.104.66 port 53864 [preauth]
Jul 14 10:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: Failed password for root from 210.91.73.167 port 57622 ssh2
Jul 14 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: Received disconnect from 210.91.73.167 port 57622:11: Bye Bye [preauth]
Jul 14 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: Disconnected from 210.91.73.167 port 57622 [preauth]
Jul 14 10:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.23.122.235  user=root
Jul 14 10:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: Failed password for root from 102.23.122.235 port 4563 ssh2
Jul 14 10:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: Received disconnect from 102.23.122.235 port 4563:11: Bye Bye [preauth]
Jul 14 10:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: Disconnected from 102.23.122.235 port 4563 [preauth]
Jul 14 10:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: Failed password for root from 103.171.84.217 port 39646 ssh2
Jul 14 10:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: Received disconnect from 103.171.84.217 port 39646:11: Bye Bye [preauth]
Jul 14 10:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: Disconnected from 103.171.84.217 port 39646 [preauth]
Jul 14 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23637]: Failed password for root from 14.225.220.202 port 60752 ssh2
Jul 14 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23637]: Received disconnect from 14.225.220.202 port 60752:11: Bye Bye [preauth]
Jul 14 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23637]: Disconnected from 14.225.220.202 port 60752 [preauth]
Jul 14 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22249]: pam_unix(cron:session): session closed for user root
Jul 14 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: Failed password for root from 103.47.135.113 port 41848 ssh2
Jul 14 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: Received disconnect from 103.47.135.113 port 41848:11: Bye Bye [preauth]
Jul 14 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: Disconnected from 103.47.135.113 port 41848 [preauth]
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23757]: pam_unix(cron:session): session closed for user root
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23752]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23929]: Successful su for rubyman by root
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23929]: + ??? root:rubyman
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783898 of user rubyman.
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23929]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783898.
Jul 14 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23754]: pam_unix(cron:session): session closed for user root
Jul 14 10:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20529]: pam_unix(cron:session): session closed for user root
Jul 14 10:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23753]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: Failed password for root from 195.190.104.66 port 49718 ssh2
Jul 14 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: Received disconnect from 195.190.104.66 port 49718:11: Bye Bye [preauth]
Jul 14 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: Disconnected from 195.190.104.66 port 49718 [preauth]
Jul 14 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Failed password for root from 103.20.96.172 port 56628 ssh2
Jul 14 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Received disconnect from 103.20.96.172 port 56628:11: Bye Bye [preauth]
Jul 14 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Disconnected from 103.20.96.172 port 56628 [preauth]
Jul 14 10:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Failed password for root from 159.223.37.230 port 49372 ssh2
Jul 14 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Received disconnect from 159.223.37.230 port 49372:11: Bye Bye [preauth]
Jul 14 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Disconnected from 159.223.37.230 port 49372 [preauth]
Jul 14 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22749]: pam_unix(cron:session): session closed for user root
Jul 14 10:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Failed password for root from 14.225.220.202 port 54478 ssh2
Jul 14 10:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Received disconnect from 14.225.220.202 port 54478:11: Bye Bye [preauth]
Jul 14 10:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Disconnected from 14.225.220.202 port 54478 [preauth]
Jul 14 10:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Failed password for root from 210.91.73.167 port 56932 ssh2
Jul 14 10:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Received disconnect from 210.91.73.167 port 56932:11: Bye Bye [preauth]
Jul 14 10:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Disconnected from 210.91.73.167 port 56932 [preauth]
Jul 14 10:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: Failed password for root from 103.47.135.113 port 42480 ssh2
Jul 14 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: Received disconnect from 103.47.135.113 port 42480:11: Bye Bye [preauth]
Jul 14 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: Disconnected from 103.47.135.113 port 42480 [preauth]
Jul 14 10:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Failed password for root from 103.171.84.217 port 59614 ssh2
Jul 14 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Received disconnect from 103.171.84.217 port 59614:11: Bye Bye [preauth]
Jul 14 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Disconnected from 103.171.84.217 port 59614 [preauth]
Jul 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24446]: Successful su for rubyman by root
Jul 14 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24446]: + ??? root:rubyman
Jul 14 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783903 of user rubyman.
Jul 14 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24446]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783903.
Jul 14 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session closed for user root
Jul 14 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 10:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24367]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24638]: Failed password for root from 160.191.89.82 port 47872 ssh2
Jul 14 10:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24638]: Received disconnect from 160.191.89.82 port 47872:11: Bye Bye [preauth]
Jul 14 10:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24638]: Disconnected from 160.191.89.82 port 47872 [preauth]
Jul 14 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: Failed password for root from 195.190.104.66 port 45608 ssh2
Jul 14 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: Received disconnect from 195.190.104.66 port 45608:11: Bye Bye [preauth]
Jul 14 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: Disconnected from 195.190.104.66 port 45608 [preauth]
Jul 14 10:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24734]: Failed password for root from 159.223.37.230 port 38356 ssh2
Jul 14 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24734]: Received disconnect from 159.223.37.230 port 38356:11: Bye Bye [preauth]
Jul 14 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24734]: Disconnected from 159.223.37.230 port 38356 [preauth]
Jul 14 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23237]: pam_unix(cron:session): session closed for user root
Jul 14 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Failed password for root from 103.20.96.172 port 51076 ssh2
Jul 14 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Received disconnect from 103.20.96.172 port 51076:11: Bye Bye [preauth]
Jul 14 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Disconnected from 103.20.96.172 port 51076 [preauth]
Jul 14 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24824]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24890]: Successful su for rubyman by root
Jul 14 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24890]: + ??? root:rubyman
Jul 14 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783907 of user rubyman.
Jul 14 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24890]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783907.
Jul 14 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21457]: pam_unix(cron:session): session closed for user root
Jul 14 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24825]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25072]: Failed password for root from 103.47.135.113 port 46614 ssh2
Jul 14 10:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25072]: Received disconnect from 103.47.135.113 port 46614:11: Bye Bye [preauth]
Jul 14 10:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25072]: Disconnected from 103.47.135.113 port 46614 [preauth]
Jul 14 10:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Failed password for root from 14.225.220.202 port 60458 ssh2
Jul 14 10:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Received disconnect from 14.225.220.202 port 60458:11: Bye Bye [preauth]
Jul 14 10:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Disconnected from 14.225.220.202 port 60458 [preauth]
Jul 14 10:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Failed password for root from 210.91.73.167 port 56236 ssh2
Jul 14 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Received disconnect from 210.91.73.167 port 56236:11: Bye Bye [preauth]
Jul 14 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Disconnected from 210.91.73.167 port 56236 [preauth]
Jul 14 10:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: Failed password for root from 195.190.104.66 port 41486 ssh2
Jul 14 10:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: Received disconnect from 195.190.104.66 port 41486:11: Bye Bye [preauth]
Jul 14 10:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: Disconnected from 195.190.104.66 port 41486 [preauth]
Jul 14 10:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: Failed password for root from 103.171.84.217 port 57198 ssh2
Jul 14 10:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: Received disconnect from 103.171.84.217 port 57198:11: Bye Bye [preauth]
Jul 14 10:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: Disconnected from 103.171.84.217 port 57198 [preauth]
Jul 14 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23756]: pam_unix(cron:session): session closed for user root
Jul 14 10:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: Failed password for root from 159.223.37.230 port 47252 ssh2
Jul 14 10:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: Received disconnect from 159.223.37.230 port 47252:11: Bye Bye [preauth]
Jul 14 10:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: Disconnected from 159.223.37.230 port 47252 [preauth]
Jul 14 10:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25243]: Failed password for root from 103.20.96.172 port 51512 ssh2
Jul 14 10:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25243]: Received disconnect from 103.20.96.172 port 51512:11: Bye Bye [preauth]
Jul 14 10:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25243]: Disconnected from 103.20.96.172 port 51512 [preauth]
Jul 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25267]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25335]: Successful su for rubyman by root
Jul 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25335]: + ??? root:rubyman
Jul 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783910 of user rubyman.
Jul 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25335]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783910.
Jul 14 10:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22248]: pam_unix(cron:session): session closed for user root
Jul 14 10:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25268]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25575]: Failed password for root from 195.190.104.66 port 37344 ssh2
Jul 14 10:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25575]: Received disconnect from 195.190.104.66 port 37344:11: Bye Bye [preauth]
Jul 14 10:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25575]: Disconnected from 195.190.104.66 port 37344 [preauth]
Jul 14 10:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: Failed password for root from 103.47.135.113 port 46148 ssh2
Jul 14 10:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: Received disconnect from 103.47.135.113 port 46148:11: Bye Bye [preauth]
Jul 14 10:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: Disconnected from 103.47.135.113 port 46148 [preauth]
Jul 14 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24369]: pam_unix(cron:session): session closed for user root
Jul 14 10:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: Failed password for root from 14.225.220.202 port 60190 ssh2
Jul 14 10:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: Received disconnect from 14.225.220.202 port 60190:11: Bye Bye [preauth]
Jul 14 10:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: Disconnected from 14.225.220.202 port 60190 [preauth]
Jul 14 10:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 10:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: Failed password for root from 210.91.73.167 port 55532 ssh2
Jul 14 10:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: Received disconnect from 210.91.73.167 port 55532:11: Bye Bye [preauth]
Jul 14 10:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: Disconnected from 210.91.73.167 port 55532 [preauth]
Jul 14 10:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 10:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: Failed password for root from 103.171.84.217 port 35600 ssh2
Jul 14 10:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: Received disconnect from 103.171.84.217 port 35600:11: Bye Bye [preauth]
Jul 14 10:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25723]: Disconnected from 103.171.84.217 port 35600 [preauth]
Jul 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25760]: pam_unix(cron:session): session closed for user p13x
Jul 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25837]: Successful su for rubyman by root
Jul 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25837]: + ??? root:rubyman
Jul 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783914 of user rubyman.
Jul 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25837]: pam_unix(su:session): session closed for user rubyman
Jul 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783914.
Jul 14 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22748]: pam_unix(cron:session): session closed for user root
Jul 14 10:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session closed for user samftp
Jul 14 10:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 10:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 10:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Failed password for root from 195.190.104.66 port 33192 ssh2
Jul 14 10:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: Failed password for root from 159.223.37.230 port 40980 ssh2
Jul 14 10:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Received disconnect from 195.190.104.66 port 33192:11: Bye Bye [preauth]
Jul 14 10:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Disconnected from 195.190.104.66 port 33192 [preauth]
Jul 14 10:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: Received disconnect from 159.223.37.230 port 40980:11: Bye Bye [preauth]
Jul 14 10:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: Disconnected from 159.223.37.230 port 40980 [preauth]
Jul 14 10:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 10:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Failed password for root from 103.20.96.172 port 33762 ssh2
Jul 14 10:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Received disconnect from 103.20.96.172 port 33762:11: Bye Bye [preauth]
Jul 14 10:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Disconnected from 103.20.96.172 port 33762 [preauth]
Jul 14 10:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24827]: pam_unix(cron:session): session closed for user root
Jul 14 10:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 10:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: Failed password for root from 103.47.135.113 port 56908 ssh2
Jul 14 10:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: Received disconnect from 103.47.135.113 port 56908:11: Bye Bye [preauth]
Jul 14 10:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: Disconnected from 103.47.135.113 port 56908 [preauth]
Jul 14 10:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 10:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 10:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: Failed password for root from 14.225.220.202 port 35720 ssh2
Jul 14 10:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: Received disconnect from 14.225.220.202 port 35720:11: Bye Bye [preauth]
Jul 14 10:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: Disconnected from 14.225.220.202 port 35720 [preauth]
Jul 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session closed for user root
Jul 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26223]: pam_unix(cron:session): session closed for user root
Jul 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26334]: Successful su for rubyman by root
Jul 14 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26334]: + ??? root:rubyman
Jul 14 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783922 of user rubyman.
Jul 14 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26334]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783922.
Jul 14 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23236]: pam_unix(cron:session): session closed for user root
Jul 14 11:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26224]: pam_unix(cron:session): session closed for user root
Jul 14 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26222]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: Failed password for root from 210.91.73.167 port 54840 ssh2
Jul 14 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: Received disconnect from 210.91.73.167 port 54840:11: Bye Bye [preauth]
Jul 14 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: Disconnected from 210.91.73.167 port 54840 [preauth]
Jul 14 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 11:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: Failed password for root from 195.190.104.66 port 57288 ssh2
Jul 14 11:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: Received disconnect from 195.190.104.66 port 57288:11: Bye Bye [preauth]
Jul 14 11:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: Disconnected from 195.190.104.66 port 57288 [preauth]
Jul 14 11:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 11:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26690]: Failed password for root from 160.191.89.82 port 37680 ssh2
Jul 14 11:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26690]: Received disconnect from 160.191.89.82 port 37680:11: Bye Bye [preauth]
Jul 14 11:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26690]: Disconnected from 160.191.89.82 port 37680 [preauth]
Jul 14 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 11:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: Failed password for root from 102.210.80.6 port 33236 ssh2
Jul 14 11:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: Received disconnect from 102.210.80.6 port 33236:11: Bye Bye [preauth]
Jul 14 11:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: Disconnected from 102.210.80.6 port 33236 [preauth]
Jul 14 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26706]: Failed password for root from 103.171.84.217 port 58560 ssh2
Jul 14 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26706]: Received disconnect from 103.171.84.217 port 58560:11: Bye Bye [preauth]
Jul 14 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26706]: Disconnected from 103.171.84.217 port 58560 [preauth]
Jul 14 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25270]: pam_unix(cron:session): session closed for user root
Jul 14 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Invalid user  from 104.248.158.38
Jul 14 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: input_userauth_request: invalid user  [preauth]
Jul 14 11:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Failed password for root from 159.223.37.230 port 54068 ssh2
Jul 14 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Received disconnect from 159.223.37.230 port 54068:11: Bye Bye [preauth]
Jul 14 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Disconnected from 159.223.37.230 port 54068 [preauth]
Jul 14 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 11:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Connection closed by 104.248.158.38 port 37572 [preauth]
Jul 14 11:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: Failed password for root from 103.20.96.172 port 57194 ssh2
Jul 14 11:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: Received disconnect from 103.20.96.172 port 57194:11: Bye Bye [preauth]
Jul 14 11:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: Disconnected from 103.20.96.172 port 57194 [preauth]
Jul 14 11:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 11:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: Failed password for root from 103.47.135.113 port 44752 ssh2
Jul 14 11:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: Received disconnect from 103.47.135.113 port 44752:11: Bye Bye [preauth]
Jul 14 11:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: Disconnected from 103.47.135.113 port 44752 [preauth]
Jul 14 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26909]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27048]: Successful su for rubyman by root
Jul 14 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27048]: + ??? root:rubyman
Jul 14 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783927 of user rubyman.
Jul 14 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27048]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783927.
Jul 14 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23755]: pam_unix(cron:session): session closed for user root
Jul 14 11:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26916]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.190.104.66  user=root
Jul 14 11:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: Failed password for root from 195.190.104.66 port 53168 ssh2
Jul 14 11:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: Received disconnect from 195.190.104.66 port 53168:11: Bye Bye [preauth]
Jul 14 11:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: Disconnected from 195.190.104.66 port 53168 [preauth]
Jul 14 11:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 11:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27332]: Failed password for root from 14.225.220.202 port 38952 ssh2
Jul 14 11:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27332]: Received disconnect from 14.225.220.202 port 38952:11: Bye Bye [preauth]
Jul 14 11:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27332]: Disconnected from 14.225.220.202 port 38952 [preauth]
Jul 14 11:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session closed for user root
Jul 14 11:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 11:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Failed password for root from 210.91.73.167 port 54154 ssh2
Jul 14 11:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Received disconnect from 210.91.73.167 port 54154:11: Bye Bye [preauth]
Jul 14 11:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Disconnected from 210.91.73.167 port 54154 [preauth]
Jul 14 11:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.37.230  user=root
Jul 14 11:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: Failed password for root from 159.223.37.230 port 59372 ssh2
Jul 14 11:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: Received disconnect from 159.223.37.230 port 59372:11: Bye Bye [preauth]
Jul 14 11:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: Disconnected from 159.223.37.230 port 59372 [preauth]
Jul 14 11:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jul 14 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:104.155.20.12
Jul 14 11:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27547]: Failed password for root from 103.171.84.217 port 55012 ssh2
Jul 14 11:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27547]: Received disconnect from 103.171.84.217 port 55012:11: Bye Bye [preauth]
Jul 14 11:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27547]: Disconnected from 103.171.84.217 port 55012 [preauth]
Jul 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27576]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27646]: Successful su for rubyman by root
Jul 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27646]: + ??? root:rubyman
Jul 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783929 of user rubyman.
Jul 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27646]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783929.
Jul 14 11:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24368]: pam_unix(cron:session): session closed for user root
Jul 14 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 11:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27577]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: Failed password for root from 103.20.96.172 port 46956 ssh2
Jul 14 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: Received disconnect from 103.20.96.172 port 46956:11: Bye Bye [preauth]
Jul 14 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: Disconnected from 103.20.96.172 port 46956 [preauth]
Jul 14 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 11:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Failed password for root from 103.47.135.113 port 56676 ssh2
Jul 14 11:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Received disconnect from 103.47.135.113 port 56676:11: Bye Bye [preauth]
Jul 14 11:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Disconnected from 103.47.135.113 port 56676 [preauth]
Jul 14 11:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 11:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: Failed password for root from 160.191.89.82 port 46222 ssh2
Jul 14 11:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: Received disconnect from 160.191.89.82 port 46222:11: Bye Bye [preauth]
Jul 14 11:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: Disconnected from 160.191.89.82 port 46222 [preauth]
Jul 14 11:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26226]: pam_unix(cron:session): session closed for user root
Jul 14 11:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28004]: Failed password for root from 14.225.220.202 port 46732 ssh2
Jul 14 11:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28004]: Received disconnect from 14.225.220.202 port 46732:11: Bye Bye [preauth]
Jul 14 11:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28004]: Disconnected from 14.225.220.202 port 46732 [preauth]
Jul 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28033]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28096]: Successful su for rubyman by root
Jul 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28096]: + ??? root:rubyman
Jul 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783934 of user rubyman.
Jul 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28096]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783934.
Jul 14 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24826]: pam_unix(cron:session): session closed for user root
Jul 14 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28034]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: Failed password for root from 210.91.73.167 port 53454 ssh2
Jul 14 11:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: Received disconnect from 210.91.73.167 port 53454:11: Bye Bye [preauth]
Jul 14 11:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: Disconnected from 210.91.73.167 port 53454 [preauth]
Jul 14 11:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 11:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26918]: pam_unix(cron:session): session closed for user root
Jul 14 11:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: Failed password for root from 103.171.84.217 port 40720 ssh2
Jul 14 11:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: Received disconnect from 103.171.84.217 port 40720:11: Bye Bye [preauth]
Jul 14 11:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: Disconnected from 103.171.84.217 port 40720 [preauth]
Jul 14 11:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 11:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 11:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: Failed password for root from 103.47.135.113 port 46902 ssh2
Jul 14 11:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Failed password for root from 103.20.96.172 port 36830 ssh2
Jul 14 11:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: Received disconnect from 103.47.135.113 port 46902:11: Bye Bye [preauth]
Jul 14 11:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: Disconnected from 103.47.135.113 port 46902 [preauth]
Jul 14 11:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Received disconnect from 103.20.96.172 port 36830:11: Bye Bye [preauth]
Jul 14 11:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Disconnected from 103.20.96.172 port 36830 [preauth]
Jul 14 11:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: Invalid user firewall from 190.103.202.7
Jul 14 11:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: input_userauth_request: invalid user firewall [preauth]
Jul 14 11:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Jul 14 11:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: Failed password for invalid user firewall from 190.103.202.7 port 60600 ssh2
Jul 14 11:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: Connection closed by 190.103.202.7 port 60600 [preauth]
Jul 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28488]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28551]: Successful su for rubyman by root
Jul 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28551]: + ??? root:rubyman
Jul 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783937 of user rubyman.
Jul 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28551]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783937.
Jul 14 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25269]: pam_unix(cron:session): session closed for user root
Jul 14 11:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28489]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.202  user=root
Jul 14 11:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28737]: Failed password for root from 14.225.220.202 port 58668 ssh2
Jul 14 11:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28737]: Received disconnect from 14.225.220.202 port 58668:11: Bye Bye [preauth]
Jul 14 11:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28737]: Disconnected from 14.225.220.202 port 58668 [preauth]
Jul 14 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27579]: pam_unix(cron:session): session closed for user root
Jul 14 11:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 11:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 11:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Failed password for root from 210.91.73.167 port 52762 ssh2
Jul 14 11:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Received disconnect from 210.91.73.167 port 52762:11: Bye Bye [preauth]
Jul 14 11:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Disconnected from 210.91.73.167 port 52762 [preauth]
Jul 14 11:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28840]: Failed password for root from 160.191.89.82 port 55442 ssh2
Jul 14 11:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28840]: Received disconnect from 160.191.89.82 port 55442:11: Bye Bye [preauth]
Jul 14 11:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28840]: Disconnected from 160.191.89.82 port 55442 [preauth]
Jul 14 11:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Failed password for root from 103.47.135.113 port 6155 ssh2
Jul 14 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Received disconnect from 103.47.135.113 port 6155:11: Bye Bye [preauth]
Jul 14 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Disconnected from 103.47.135.113 port 6155 [preauth]
Jul 14 11:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.96.172  user=root
Jul 14 11:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28920]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28920]: pam_unix(cron:session): session closed for user root
Jul 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28914]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28909]: Failed password for root from 103.20.96.172 port 49832 ssh2
Jul 14 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28909]: Received disconnect from 103.20.96.172 port 49832:11: Bye Bye [preauth]
Jul 14 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28909]: Disconnected from 103.20.96.172 port 49832 [preauth]
Jul 14 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28987]: Successful su for rubyman by root
Jul 14 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28987]: + ??? root:rubyman
Jul 14 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783944 of user rubyman.
Jul 14 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28987]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783944.
Jul 14 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: Failed password for root from 103.171.84.217 port 43638 ssh2
Jul 14 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: Received disconnect from 103.171.84.217 port 43638:11: Bye Bye [preauth]
Jul 14 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: Disconnected from 103.171.84.217 port 43638 [preauth]
Jul 14 11:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28916]: pam_unix(cron:session): session closed for user root
Jul 14 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session closed for user root
Jul 14 11:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28915]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28036]: pam_unix(cron:session): session closed for user root
Jul 14 11:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Invalid user cyrus from 80.94.95.15
Jul 14 11:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: input_userauth_request: invalid user cyrus [preauth]
Jul 14 11:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 11:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Failed password for invalid user cyrus from 80.94.95.15 port 25046 ssh2
Jul 14 11:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Failed password for invalid user cyrus from 80.94.95.15 port 25046 ssh2
Jul 14 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Failed password for invalid user cyrus from 80.94.95.15 port 25046 ssh2
Jul 14 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Failed password for invalid user cyrus from 80.94.95.15 port 25046 ssh2
Jul 14 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Failed password for invalid user cyrus from 80.94.95.15 port 25046 ssh2
Jul 14 11:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Received disconnect from 80.94.95.15 port 25046:11: Bye [preauth]
Jul 14 11:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Disconnected from 80.94.95.15 port 25046 [preauth]
Jul 14 11:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 11:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29474]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29548]: Successful su for rubyman by root
Jul 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29548]: + ??? root:rubyman
Jul 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783949 of user rubyman.
Jul 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29548]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783949.
Jul 14 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29471]: Failed password for root from 210.91.73.167 port 52066 ssh2
Jul 14 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29471]: Received disconnect from 210.91.73.167 port 52066:11: Bye Bye [preauth]
Jul 14 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29471]: Disconnected from 210.91.73.167 port 52066 [preauth]
Jul 14 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26225]: pam_unix(cron:session): session closed for user root
Jul 14 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29475]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 11:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Failed password for root from 103.47.135.113 port 36094 ssh2
Jul 14 11:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Received disconnect from 103.47.135.113 port 36094:11: Bye Bye [preauth]
Jul 14 11:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Disconnected from 103.47.135.113 port 36094 [preauth]
Jul 14 11:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: Failed password for root from 103.171.84.217 port 45522 ssh2
Jul 14 11:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: Received disconnect from 103.171.84.217 port 45522:11: Bye Bye [preauth]
Jul 14 11:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: Disconnected from 103.171.84.217 port 45522 [preauth]
Jul 14 11:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28491]: pam_unix(cron:session): session closed for user root
Jul 14 11:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Failed password for root from 160.191.89.82 port 44374 ssh2
Jul 14 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Received disconnect from 160.191.89.82 port 44374:11: Bye Bye [preauth]
Jul 14 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Disconnected from 160.191.89.82 port 44374 [preauth]
Jul 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29913]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29982]: Successful su for rubyman by root
Jul 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29982]: + ??? root:rubyman
Jul 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783951 of user rubyman.
Jul 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29982]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783951.
Jul 14 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26917]: pam_unix(cron:session): session closed for user root
Jul 14 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 11:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.73.167  user=root
Jul 14 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: Failed password for root from 103.47.135.113 port 46668 ssh2
Jul 14 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: Received disconnect from 103.47.135.113 port 46668:11: Bye Bye [preauth]
Jul 14 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: Disconnected from 103.47.135.113 port 46668 [preauth]
Jul 14 11:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: Failed password for root from 210.91.73.167 port 51364 ssh2
Jul 14 11:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: Received disconnect from 210.91.73.167 port 51364:11: Bye Bye [preauth]
Jul 14 11:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: Disconnected from 210.91.73.167 port 51364 [preauth]
Jul 14 11:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session closed for user root
Jul 14 11:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30254]: Connection closed by 45.79.128.205 port 25452 [preauth]
Jul 14 11:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30269]: Connection closed by 45.79.128.205 port 25454 [preauth]
Jul 14 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30281]: fatal: Unable to negotiate with 45.79.128.205 port 25468: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
Jul 14 11:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 11:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: Failed password for root from 103.171.84.217 port 34070 ssh2
Jul 14 11:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: Received disconnect from 103.171.84.217 port 34070:11: Bye Bye [preauth]
Jul 14 11:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: Disconnected from 103.171.84.217 port 34070 [preauth]
Jul 14 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30338]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30402]: Successful su for rubyman by root
Jul 14 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30402]: + ??? root:rubyman
Jul 14 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783956 of user rubyman.
Jul 14 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30402]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783956.
Jul 14 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27578]: pam_unix(cron:session): session closed for user root
Jul 14 11:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30339]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29477]: pam_unix(cron:session): session closed for user root
Jul 14 11:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 11:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.47.135.113  user=root
Jul 14 11:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Failed password for root from 160.191.89.82 port 43028 ssh2
Jul 14 11:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Received disconnect from 160.191.89.82 port 43028:11: Bye Bye [preauth]
Jul 14 11:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Disconnected from 160.191.89.82 port 43028 [preauth]
Jul 14 11:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: Failed password for root from 103.47.135.113 port 42750 ssh2
Jul 14 11:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: Received disconnect from 103.47.135.113 port 42750:11: Bye Bye [preauth]
Jul 14 11:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: Disconnected from 103.47.135.113 port 42750 [preauth]
Jul 14 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30761]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30919]: Successful su for rubyman by root
Jul 14 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30919]: + ??? root:rubyman
Jul 14 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783960 of user rubyman.
Jul 14 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30919]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783960.
Jul 14 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30758]: pam_unix(cron:session): session closed for user root
Jul 14 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Jul 14 11:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28035]: pam_unix(cron:session): session closed for user root
Jul 14 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: Invalid user username from 80.94.95.15
Jul 14 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: input_userauth_request: invalid user username [preauth]
Jul 14 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 11:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Failed password for root from 164.68.105.9 port 36602 ssh2
Jul 14 11:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Connection closed by 164.68.105.9 port 36602 [preauth]
Jul 14 11:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30762]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: Failed password for invalid user username from 80.94.95.15 port 47957 ssh2
Jul 14 11:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: Failed password for invalid user username from 80.94.95.15 port 47957 ssh2
Jul 14 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: Failed password for invalid user username from 80.94.95.15 port 47957 ssh2
Jul 14 11:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: Failed password for invalid user username from 80.94.95.15 port 47957 ssh2
Jul 14 11:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: Failed password for invalid user username from 80.94.95.15 port 47957 ssh2
Jul 14 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: Received disconnect from 80.94.95.15 port 47957:11: Bye [preauth]
Jul 14 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: Disconnected from 80.94.95.15 port 47957 [preauth]
Jul 14 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31195]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 11:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 11:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Failed password for root from 103.171.84.217 port 47758 ssh2
Jul 14 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Received disconnect from 103.171.84.217 port 47758:11: Bye Bye [preauth]
Jul 14 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Disconnected from 103.171.84.217 port 47758 [preauth]
Jul 14 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session closed for user root
Jul 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31390]: pam_unix(cron:session): session closed for user root
Jul 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31385]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31456]: Successful su for rubyman by root
Jul 14 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31456]: + ??? root:rubyman
Jul 14 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783966 of user rubyman.
Jul 14 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31456]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783966.
Jul 14 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31387]: pam_unix(cron:session): session closed for user root
Jul 14 11:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28490]: pam_unix(cron:session): session closed for user root
Jul 14 11:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31386]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30341]: pam_unix(cron:session): session closed for user root
Jul 14 11:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31888]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32061]: Successful su for rubyman by root
Jul 14 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32061]: + ??? root:rubyman
Jul 14 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783971 of user rubyman.
Jul 14 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32061]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783971.
Jul 14 11:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Failed password for root from 103.171.84.217 port 42614 ssh2
Jul 14 11:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Received disconnect from 103.171.84.217 port 42614:11: Bye Bye [preauth]
Jul 14 11:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Disconnected from 103.171.84.217 port 42614 [preauth]
Jul 14 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session closed for user root
Jul 14 11:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.89.82  user=root
Jul 14 11:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Failed password for root from 160.191.89.82 port 39454 ssh2
Jul 14 11:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Received disconnect from 160.191.89.82 port 39454:11: Bye Bye [preauth]
Jul 14 11:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Disconnected from 160.191.89.82 port 39454 [preauth]
Jul 14 11:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30764]: pam_unix(cron:session): session closed for user root
Jul 14 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32722]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[329]: Successful su for rubyman by root
Jul 14 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[329]: + ??? root:rubyman
Jul 14 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783975 of user rubyman.
Jul 14 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[329]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783975.
Jul 14 11:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29476]: pam_unix(cron:session): session closed for user root
Jul 14 11:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32723]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 11:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Failed password for root from 103.171.84.217 port 46088 ssh2
Jul 14 11:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Received disconnect from 103.171.84.217 port 46088:11: Bye Bye [preauth]
Jul 14 11:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Disconnected from 103.171.84.217 port 46088 [preauth]
Jul 14 11:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31389]: pam_unix(cron:session): session closed for user root
Jul 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[864]: Successful su for rubyman by root
Jul 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[864]: + ??? root:rubyman
Jul 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783978 of user rubyman.
Jul 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[864]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783978.
Jul 14 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session closed for user root
Jul 14 11:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[783]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31895]: pam_unix(cron:session): session closed for user root
Jul 14 11:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: Failed password for root from 103.171.84.217 port 50028 ssh2
Jul 14 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: Received disconnect from 103.171.84.217 port 50028:11: Bye Bye [preauth]
Jul 14 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: Disconnected from 103.171.84.217 port 50028 [preauth]
Jul 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1302]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1371]: Successful su for rubyman by root
Jul 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1371]: + ??? root:rubyman
Jul 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783982 of user rubyman.
Jul 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1371]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783982.
Jul 14 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30340]: pam_unix(cron:session): session closed for user root
Jul 14 11:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1303]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32726]: pam_unix(cron:session): session closed for user root
Jul 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1822]: pam_unix(cron:session): session closed for user root
Jul 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1814]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1892]: Successful su for rubyman by root
Jul 14 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1892]: + ??? root:rubyman
Jul 14 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783988 of user rubyman.
Jul 14 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1892]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783988.
Jul 14 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1816]: pam_unix(cron:session): session closed for user root
Jul 14 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30763]: pam_unix(cron:session): session closed for user root
Jul 14 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: Failed password for root from 102.210.80.6 port 49599 ssh2
Jul 14 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: Received disconnect from 102.210.80.6 port 49599:11: Bye Bye [preauth]
Jul 14 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: Disconnected from 102.210.80.6 port 49599 [preauth]
Jul 14 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1815]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: Failed password for root from 103.171.84.217 port 35180 ssh2
Jul 14 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: Received disconnect from 103.171.84.217 port 35180:11: Bye Bye [preauth]
Jul 14 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: Disconnected from 103.171.84.217 port 35180 [preauth]
Jul 14 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session closed for user root
Jul 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2356]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2446]: Successful su for rubyman by root
Jul 14 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2446]: + ??? root:rubyman
Jul 14 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783992 of user rubyman.
Jul 14 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2446]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783992.
Jul 14 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31388]: pam_unix(cron:session): session closed for user root
Jul 14 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2357]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1305]: pam_unix(cron:session): session closed for user root
Jul 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2830]: pam_unix(cron:session): session closed for user root
Jul 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2832]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2907]: Successful su for rubyman by root
Jul 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2907]: + ??? root:rubyman
Jul 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 783999 of user rubyman.
Jul 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2907]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 783999.
Jul 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.84.217  user=root
Jul 14 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2828]: Failed password for root from 103.171.84.217 port 47422 ssh2
Jul 14 11:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2828]: Received disconnect from 103.171.84.217 port 47422:11: Bye Bye [preauth]
Jul 14 11:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2828]: Disconnected from 103.171.84.217 port 47422 [preauth]
Jul 14 11:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session closed for user root
Jul 14 11:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2833]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1820]: pam_unix(cron:session): session closed for user root
Jul 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3281]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3279]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3346]: Successful su for rubyman by root
Jul 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3346]: + ??? root:rubyman
Jul 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784002 of user rubyman.
Jul 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3346]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784002.
Jul 14 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32725]: pam_unix(cron:session): session closed for user root
Jul 14 11:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3280]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2359]: pam_unix(cron:session): session closed for user root
Jul 14 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3752]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3823]: Successful su for rubyman by root
Jul 14 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3823]: + ??? root:rubyman
Jul 14 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784005 of user rubyman.
Jul 14 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3823]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784005.
Jul 14 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3921]: fatal: Unable to negotiate with 114.67.80.147 port 42686: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[785]: pam_unix(cron:session): session closed for user root
Jul 14 11:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3753]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2835]: pam_unix(cron:session): session closed for user root
Jul 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4222]: pam_unix(cron:session): session closed for user root
Jul 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4217]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4555]: Successful su for rubyman by root
Jul 14 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4555]: + ??? root:rubyman
Jul 14 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784013 of user rubyman.
Jul 14 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4555]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784013.
Jul 14 11:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1304]: pam_unix(cron:session): session closed for user root
Jul 14 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4219]: pam_unix(cron:session): session closed for user root
Jul 14 11:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3282]: pam_unix(cron:session): session closed for user root
Jul 14 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4973]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5242]: Successful su for rubyman by root
Jul 14 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5242]: + ??? root:rubyman
Jul 14 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784016 of user rubyman.
Jul 14 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5242]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784016.
Jul 14 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1819]: pam_unix(cron:session): session closed for user root
Jul 14 11:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4974]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3759]: pam_unix(cron:session): session closed for user root
Jul 14 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5666]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5739]: Successful su for rubyman by root
Jul 14 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5739]: + ??? root:rubyman
Jul 14 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784019 of user rubyman.
Jul 14 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5739]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784019.
Jul 14 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2358]: pam_unix(cron:session): session closed for user root
Jul 14 11:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5667]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4221]: pam_unix(cron:session): session closed for user root
Jul 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6210]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6279]: Successful su for rubyman by root
Jul 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6279]: + ??? root:rubyman
Jul 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784023 of user rubyman.
Jul 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6279]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784023.
Jul 14 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2834]: pam_unix(cron:session): session closed for user root
Jul 14 11:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6211]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4976]: pam_unix(cron:session): session closed for user root
Jul 14 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6627]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6704]: Successful su for rubyman by root
Jul 14 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6704]: + ??? root:rubyman
Jul 14 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784027 of user rubyman.
Jul 14 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6704]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784027.
Jul 14 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3281]: pam_unix(cron:session): session closed for user root
Jul 14 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6629]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5669]: pam_unix(cron:session): session closed for user root
Jul 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7175]: pam_unix(cron:session): session closed for user root
Jul 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7167]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: Successful su for rubyman by root
Jul 14 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: + ??? root:rubyman
Jul 14 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784036 of user rubyman.
Jul 14 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784036.
Jul 14 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7170]: pam_unix(cron:session): session closed for user root
Jul 14 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3758]: pam_unix(cron:session): session closed for user root
Jul 14 11:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7169]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6213]: pam_unix(cron:session): session closed for user root
Jul 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7740]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7739]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7737]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7819]: Successful su for rubyman by root
Jul 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7819]: + ??? root:rubyman
Jul 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784037 of user rubyman.
Jul 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7819]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784037.
Jul 14 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4220]: pam_unix(cron:session): session closed for user root
Jul 14 11:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7738]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6633]: pam_unix(cron:session): session closed for user root
Jul 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8297]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8363]: Successful su for rubyman by root
Jul 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8363]: + ??? root:rubyman
Jul 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784041 of user rubyman.
Jul 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8363]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784041.
Jul 14 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4975]: pam_unix(cron:session): session closed for user root
Jul 14 11:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8298]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7173]: pam_unix(cron:session): session closed for user root
Jul 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8784]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8850]: Successful su for rubyman by root
Jul 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8850]: + ??? root:rubyman
Jul 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784046 of user rubyman.
Jul 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8850]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784046.
Jul 14 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session closed for user root
Jul 14 11:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8786]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7740]: pam_unix(cron:session): session closed for user root
Jul 14 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9330]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9396]: Successful su for rubyman by root
Jul 14 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9396]: + ??? root:rubyman
Jul 14 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784049 of user rubyman.
Jul 14 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9396]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784049.
Jul 14 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6212]: pam_unix(cron:session): session closed for user root
Jul 14 11:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9331]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8300]: pam_unix(cron:session): session closed for user root
Jul 14 11:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Failed password for root from 102.210.80.6 port 51462 ssh2
Jul 14 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Received disconnect from 102.210.80.6 port 51462:11: Bye Bye [preauth]
Jul 14 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Disconnected from 102.210.80.6 port 51462 [preauth]
Jul 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9757]: pam_unix(cron:session): session closed for user root
Jul 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9832]: Successful su for rubyman by root
Jul 14 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9832]: + ??? root:rubyman
Jul 14 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784055 of user rubyman.
Jul 14 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9832]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784055.
Jul 14 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9754]: pam_unix(cron:session): session closed for user root
Jul 14 11:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6630]: pam_unix(cron:session): session closed for user root
Jul 14 11:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9752]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session closed for user root
Jul 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10196]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10356]: Successful su for rubyman by root
Jul 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10356]: + ??? root:rubyman
Jul 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784060 of user rubyman.
Jul 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10356]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784060.
Jul 14 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7171]: pam_unix(cron:session): session closed for user root
Jul 14 11:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9333]: pam_unix(cron:session): session closed for user root
Jul 14 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10785]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10850]: Successful su for rubyman by root
Jul 14 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10850]: + ??? root:rubyman
Jul 14 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784065 of user rubyman.
Jul 14 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10850]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784065.
Jul 14 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7739]: pam_unix(cron:session): session closed for user root
Jul 14 11:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10786]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9756]: pam_unix(cron:session): session closed for user root
Jul 14 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11187]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11249]: Successful su for rubyman by root
Jul 14 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11249]: + ??? root:rubyman
Jul 14 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784068 of user rubyman.
Jul 14 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11249]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784068.
Jul 14 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8299]: pam_unix(cron:session): session closed for user root
Jul 14 11:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11188]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10200]: pam_unix(cron:session): session closed for user root
Jul 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11655]: Successful su for rubyman by root
Jul 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11655]: + ??? root:rubyman
Jul 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784071 of user rubyman.
Jul 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11655]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784071.
Jul 14 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8787]: pam_unix(cron:session): session closed for user root
Jul 14 11:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11596]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session closed for user root
Jul 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12018]: pam_unix(cron:session): session closed for user root
Jul 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12010]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12084]: Successful su for rubyman by root
Jul 14 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12084]: + ??? root:rubyman
Jul 14 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784077 of user rubyman.
Jul 14 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12084]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784077.
Jul 14 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12013]: pam_unix(cron:session): session closed for user root
Jul 14 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9332]: pam_unix(cron:session): session closed for user root
Jul 14 11:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12011]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11190]: pam_unix(cron:session): session closed for user root
Jul 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12511]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12605]: Successful su for rubyman by root
Jul 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12605]: + ??? root:rubyman
Jul 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784081 of user rubyman.
Jul 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12605]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784081.
Jul 14 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9755]: pam_unix(cron:session): session closed for user root
Jul 14 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12512]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: Failed password for root from 174.138.29.13 port 49488 ssh2
Jul 14 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: Received disconnect from 174.138.29.13 port 49488:11: Bye Bye [preauth]
Jul 14 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: Disconnected from 174.138.29.13 port 49488 [preauth]
Jul 14 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11598]: pam_unix(cron:session): session closed for user root
Jul 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13065]: Successful su for rubyman by root
Jul 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13065]: + ??? root:rubyman
Jul 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784085 of user rubyman.
Jul 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13065]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784085.
Jul 14 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10199]: pam_unix(cron:session): session closed for user root
Jul 14 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: Failed password for root from 102.210.80.6 port 44222 ssh2
Jul 14 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: Received disconnect from 102.210.80.6 port 44222:11: Bye Bye [preauth]
Jul 14 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: Disconnected from 102.210.80.6 port 44222 [preauth]
Jul 14 11:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12976]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session closed for user root
Jul 14 11:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: Invalid user zelda from 190.103.202.7
Jul 14 11:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: input_userauth_request: invalid user zelda [preauth]
Jul 14 11:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Jul 14 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: Failed password for invalid user zelda from 190.103.202.7 port 40374 ssh2
Jul 14 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13433]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: Connection closed by 190.103.202.7 port 40374 [preauth]
Jul 14 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13597]: Successful su for rubyman by root
Jul 14 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13597]: + ??? root:rubyman
Jul 14 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784089 of user rubyman.
Jul 14 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13597]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784089.
Jul 14 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session closed for user root
Jul 14 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13434]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 11:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: Failed password for root from 64.23.178.20 port 41394 ssh2
Jul 14 11:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: Received disconnect from 64.23.178.20 port 41394:11: Bye Bye [preauth]
Jul 14 11:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: Disconnected from 64.23.178.20 port 41394 [preauth]
Jul 14 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12514]: pam_unix(cron:session): session closed for user root
Jul 14 11:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Failed password for root from 185.121.0.25 port 52600 ssh2
Jul 14 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Received disconnect from 185.121.0.25 port 52600:11: Bye Bye [preauth]
Jul 14 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Disconnected from 185.121.0.25 port 52600 [preauth]
Jul 14 11:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13955]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14095]: Successful su for rubyman by root
Jul 14 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14095]: + ??? root:rubyman
Jul 14 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784093 of user rubyman.
Jul 14 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14095]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784093.
Jul 14 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13951]: Failed password for root from 139.59.30.109 port 60114 ssh2
Jul 14 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13953]: pam_unix(cron:session): session closed for user root
Jul 14 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13951]: Received disconnect from 139.59.30.109 port 60114:11: Bye Bye [preauth]
Jul 14 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13951]: Disconnected from 139.59.30.109 port 60114 [preauth]
Jul 14 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11189]: pam_unix(cron:session): session closed for user root
Jul 14 11:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13956]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14354]: Failed password for root from 8.243.64.226 port 41124 ssh2
Jul 14 11:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14354]: Received disconnect from 8.243.64.226 port 41124:11: Bye Bye [preauth]
Jul 14 11:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14354]: Disconnected from 8.243.64.226 port 41124 [preauth]
Jul 14 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12985]: pam_unix(cron:session): session closed for user root
Jul 14 11:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jul 14 11:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:165.154.59.90
Jul 14 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Failed password for root from 174.138.29.13 port 38060 ssh2
Jul 14 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Received disconnect from 174.138.29.13 port 38060:11: Bye Bye [preauth]
Jul 14 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Disconnected from 174.138.29.13 port 38060 [preauth]
Jul 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14488]: pam_unix(cron:session): session closed for user root
Jul 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14483]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14558]: Successful su for rubyman by root
Jul 14 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14558]: + ??? root:rubyman
Jul 14 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784099 of user rubyman.
Jul 14 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14558]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784099.
Jul 14 11:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14485]: pam_unix(cron:session): session closed for user root
Jul 14 11:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11597]: pam_unix(cron:session): session closed for user root
Jul 14 11:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14484]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13436]: pam_unix(cron:session): session closed for user root
Jul 14 11:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: Failed password for root from 185.121.0.25 port 41166 ssh2
Jul 14 11:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: Received disconnect from 185.121.0.25 port 41166:11: Bye Bye [preauth]
Jul 14 11:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: Disconnected from 185.121.0.25 port 41166 [preauth]
Jul 14 11:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Failed password for root from 139.59.30.109 port 60526 ssh2
Jul 14 11:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Received disconnect from 139.59.30.109 port 60526:11: Bye Bye [preauth]
Jul 14 11:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Disconnected from 139.59.30.109 port 60526 [preauth]
Jul 14 11:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: Failed password for root from 8.243.64.226 port 43374 ssh2
Jul 14 11:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: Received disconnect from 8.243.64.226 port 43374:11: Bye Bye [preauth]
Jul 14 11:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: Disconnected from 8.243.64.226 port 43374 [preauth]
Jul 14 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15024]: Successful su for rubyman by root
Jul 14 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15024]: + ??? root:rubyman
Jul 14 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784104 of user rubyman.
Jul 14 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15024]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784104.
Jul 14 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12016]: pam_unix(cron:session): session closed for user root
Jul 14 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14953]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Did not receive identification string from 196.251.114.29
Jul 14 11:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: Failed password for root from 174.138.29.13 port 60808 ssh2
Jul 14 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: Received disconnect from 174.138.29.13 port 60808:11: Bye Bye [preauth]
Jul 14 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: Disconnected from 174.138.29.13 port 60808 [preauth]
Jul 14 11:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13958]: pam_unix(cron:session): session closed for user root
Jul 14 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15371]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15435]: Successful su for rubyman by root
Jul 14 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15435]: + ??? root:rubyman
Jul 14 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784108 of user rubyman.
Jul 14 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15435]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784108.
Jul 14 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12513]: pam_unix(cron:session): session closed for user root
Jul 14 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15372]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: Failed password for root from 139.59.30.109 port 59714 ssh2
Jul 14 11:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: Received disconnect from 139.59.30.109 port 59714:11: Bye Bye [preauth]
Jul 14 11:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: Disconnected from 139.59.30.109 port 59714 [preauth]
Jul 14 11:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: Failed password for root from 185.121.0.25 port 39104 ssh2
Jul 14 11:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: Received disconnect from 185.121.0.25 port 39104:11: Bye Bye [preauth]
Jul 14 11:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: Disconnected from 185.121.0.25 port 39104 [preauth]
Jul 14 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: Failed password for root from 8.243.64.226 port 32774 ssh2
Jul 14 11:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: Received disconnect from 8.243.64.226 port 32774:11: Bye Bye [preauth]
Jul 14 11:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: Disconnected from 8.243.64.226 port 32774 [preauth]
Jul 14 11:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14487]: pam_unix(cron:session): session closed for user root
Jul 14 11:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15732]: Failed password for root from 174.138.29.13 port 34450 ssh2
Jul 14 11:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15732]: Received disconnect from 174.138.29.13 port 34450:11: Bye Bye [preauth]
Jul 14 11:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15732]: Disconnected from 174.138.29.13 port 34450 [preauth]
Jul 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15798]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15863]: Successful su for rubyman by root
Jul 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15863]: + ??? root:rubyman
Jul 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784112 of user rubyman.
Jul 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15863]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784112.
Jul 14 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12977]: pam_unix(cron:session): session closed for user root
Jul 14 11:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15799]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14955]: pam_unix(cron:session): session closed for user root
Jul 14 11:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: Failed password for root from 139.59.30.109 port 49994 ssh2
Jul 14 11:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: Received disconnect from 139.59.30.109 port 49994:11: Bye Bye [preauth]
Jul 14 11:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: Disconnected from 139.59.30.109 port 49994 [preauth]
Jul 14 11:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16156]: Failed password for root from 8.243.64.226 port 38008 ssh2
Jul 14 11:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16156]: Received disconnect from 8.243.64.226 port 38008:11: Bye Bye [preauth]
Jul 14 11:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16156]: Disconnected from 8.243.64.226 port 38008 [preauth]
Jul 14 11:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: Failed password for root from 185.121.0.25 port 47508 ssh2
Jul 14 11:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: Received disconnect from 185.121.0.25 port 47508:11: Bye Bye [preauth]
Jul 14 11:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: Disconnected from 185.121.0.25 port 47508 [preauth]
Jul 14 11:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: Failed password for root from 174.138.29.13 port 48588 ssh2
Jul 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16273]: Successful su for rubyman by root
Jul 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16273]: + ??? root:rubyman
Jul 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784116 of user rubyman.
Jul 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16273]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: Received disconnect from 174.138.29.13 port 48588:11: Bye Bye [preauth]
Jul 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: Disconnected from 174.138.29.13 port 48588 [preauth]
Jul 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784116.
Jul 14 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13435]: pam_unix(cron:session): session closed for user root
Jul 14 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16212]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 11:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16547]: Failed password for root from 102.210.80.6 port 35006 ssh2
Jul 14 11:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16547]: Received disconnect from 102.210.80.6 port 35006:11: Bye Bye [preauth]
Jul 14 11:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16547]: Disconnected from 102.210.80.6 port 35006 [preauth]
Jul 14 11:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15374]: pam_unix(cron:session): session closed for user root
Jul 14 11:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: Failed password for root from 139.59.30.109 port 58004 ssh2
Jul 14 11:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: Received disconnect from 139.59.30.109 port 58004:11: Bye Bye [preauth]
Jul 14 11:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: Disconnected from 139.59.30.109 port 58004 [preauth]
Jul 14 11:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session closed for user root
Jul 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16675]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16751]: Successful su for rubyman by root
Jul 14 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16751]: + ??? root:rubyman
Jul 14 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784122 of user rubyman.
Jul 14 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16751]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784122.
Jul 14 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Failed password for root from 8.243.64.226 port 44884 ssh2
Jul 14 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Received disconnect from 8.243.64.226 port 44884:11: Bye Bye [preauth]
Jul 14 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Disconnected from 8.243.64.226 port 44884 [preauth]
Jul 14 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Failed password for root from 64.23.178.20 port 51604 ssh2
Jul 14 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Received disconnect from 64.23.178.20 port 51604:11: Bye Bye [preauth]
Jul 14 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Disconnected from 64.23.178.20 port 51604 [preauth]
Jul 14 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16677]: pam_unix(cron:session): session closed for user root
Jul 14 11:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13957]: pam_unix(cron:session): session closed for user root
Jul 14 11:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16676]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17013]: Failed password for root from 174.138.29.13 port 50160 ssh2
Jul 14 11:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17013]: Received disconnect from 174.138.29.13 port 50160:11: Bye Bye [preauth]
Jul 14 11:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17013]: Disconnected from 174.138.29.13 port 50160 [preauth]
Jul 14 11:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17027]: Failed password for root from 185.121.0.25 port 58402 ssh2
Jul 14 11:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17027]: Received disconnect from 185.121.0.25 port 58402:11: Bye Bye [preauth]
Jul 14 11:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17027]: Disconnected from 185.121.0.25 port 58402 [preauth]
Jul 14 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15801]: pam_unix(cron:session): session closed for user root
Jul 14 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17159]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: Successful su for rubyman by root
Jul 14 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: + ??? root:rubyman
Jul 14 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784127 of user rubyman.
Jul 14 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784127.
Jul 14 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14486]: pam_unix(cron:session): session closed for user root
Jul 14 11:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: Failed password for root from 139.59.30.109 port 54382 ssh2
Jul 14 11:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: Received disconnect from 139.59.30.109 port 54382:11: Bye Bye [preauth]
Jul 14 11:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: Disconnected from 139.59.30.109 port 54382 [preauth]
Jul 14 11:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: Failed password for root from 8.243.64.226 port 59656 ssh2
Jul 14 11:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: Received disconnect from 8.243.64.226 port 59656:11: Bye Bye [preauth]
Jul 14 11:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: Disconnected from 8.243.64.226 port 59656 [preauth]
Jul 14 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16214]: pam_unix(cron:session): session closed for user root
Jul 14 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17513]: Failed password for root from 174.138.29.13 port 47010 ssh2
Jul 14 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17513]: Received disconnect from 174.138.29.13 port 47010:11: Bye Bye [preauth]
Jul 14 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17513]: Disconnected from 174.138.29.13 port 47010 [preauth]
Jul 14 11:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17607]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17679]: Successful su for rubyman by root
Jul 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17679]: + ??? root:rubyman
Jul 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784130 of user rubyman.
Jul 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17679]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784130.
Jul 14 11:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Failed password for root from 185.121.0.25 port 60530 ssh2
Jul 14 11:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Received disconnect from 185.121.0.25 port 60530:11: Bye Bye [preauth]
Jul 14 11:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Disconnected from 185.121.0.25 port 60530 [preauth]
Jul 14 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14954]: pam_unix(cron:session): session closed for user root
Jul 14 11:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17609]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: Failed password for root from 139.59.30.109 port 46742 ssh2
Jul 14 11:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: Received disconnect from 139.59.30.109 port 46742:11: Bye Bye [preauth]
Jul 14 11:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: Disconnected from 139.59.30.109 port 46742 [preauth]
Jul 14 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session closed for user root
Jul 14 11:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: Failed password for root from 8.243.64.226 port 52084 ssh2
Jul 14 11:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: Received disconnect from 8.243.64.226 port 52084:11: Bye Bye [preauth]
Jul 14 11:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: Disconnected from 8.243.64.226 port 52084 [preauth]
Jul 14 11:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: Failed password for root from 174.138.29.13 port 39294 ssh2
Jul 14 11:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: Received disconnect from 174.138.29.13 port 39294:11: Bye Bye [preauth]
Jul 14 11:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: Disconnected from 174.138.29.13 port 39294 [preauth]
Jul 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18158]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18155]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18217]: Successful su for rubyman by root
Jul 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18217]: + ??? root:rubyman
Jul 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784134 of user rubyman.
Jul 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18217]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784134.
Jul 14 11:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15373]: pam_unix(cron:session): session closed for user root
Jul 14 11:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18156]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session closed for user root
Jul 14 11:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: Failed password for root from 185.121.0.25 port 32910 ssh2
Jul 14 11:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: Received disconnect from 185.121.0.25 port 32910:11: Bye Bye [preauth]
Jul 14 11:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: Disconnected from 185.121.0.25 port 32910 [preauth]
Jul 14 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Failed password for root from 139.59.30.109 port 32928 ssh2
Jul 14 11:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Received disconnect from 139.59.30.109 port 32928:11: Bye Bye [preauth]
Jul 14 11:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Disconnected from 139.59.30.109 port 32928 [preauth]
Jul 14 11:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18580]: Failed password for root from 8.243.64.226 port 42494 ssh2
Jul 14 11:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18580]: Received disconnect from 8.243.64.226 port 42494:11: Bye Bye [preauth]
Jul 14 11:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18580]: Disconnected from 8.243.64.226 port 42494 [preauth]
Jul 14 11:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: Invalid user es from 185.149.146.85
Jul 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: input_userauth_request: invalid user es [preauth]
Jul 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18670]: Successful su for rubyman by root
Jul 14 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18670]: + ??? root:rubyman
Jul 14 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784140 of user rubyman.
Jul 14 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18670]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784140.
Jul 14 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: fatal: Unable to negotiate with 114.67.80.147 port 58027: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: Failed password for invalid user es from 185.149.146.85 port 53606 ssh2
Jul 14 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: Received disconnect from 185.149.146.85 port 53606:11: Bye Bye [preauth]
Jul 14 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: Disconnected from 185.149.146.85 port 53606 [preauth]
Jul 14 11:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: fatal: Unable to negotiate with 114.67.80.147 port 58122: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15800]: pam_unix(cron:session): session closed for user root
Jul 14 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18847]: fatal: Unable to negotiate with 114.67.80.147 port 58229: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: fatal: Unable to negotiate with 114.67.80.147 port 58350: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 11:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 11:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: Failed password for root from 174.138.29.13 port 51192 ssh2
Jul 14 11:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: Received disconnect from 174.138.29.13 port 51192:11: Bye Bye [preauth]
Jul 14 11:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: Disconnected from 174.138.29.13 port 51192 [preauth]
Jul 14 11:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: Failed password for root from 64.23.178.20 port 46218 ssh2
Jul 14 11:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: Received disconnect from 64.23.178.20 port 46218:11: Bye Bye [preauth]
Jul 14 11:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: Disconnected from 64.23.178.20 port 46218 [preauth]
Jul 14 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17612]: pam_unix(cron:session): session closed for user root
Jul 14 11:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19025]: Failed password for root from 139.59.30.109 port 56914 ssh2
Jul 14 11:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19025]: Received disconnect from 139.59.30.109 port 56914:11: Bye Bye [preauth]
Jul 14 11:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19025]: Disconnected from 139.59.30.109 port 56914 [preauth]
Jul 14 11:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19027]: Failed password for root from 185.121.0.25 port 53526 ssh2
Jul 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19027]: Received disconnect from 185.121.0.25 port 53526:11: Bye Bye [preauth]
Jul 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19027]: Disconnected from 185.121.0.25 port 53526 [preauth]
Jul 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19048]: pam_unix(cron:session): session closed for user root
Jul 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19043]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19119]: Successful su for rubyman by root
Jul 14 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19119]: + ??? root:rubyman
Jul 14 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784144 of user rubyman.
Jul 14 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19119]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784144.
Jul 14 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16213]: pam_unix(cron:session): session closed for user root
Jul 14 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19045]: pam_unix(cron:session): session closed for user root
Jul 14 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19260]: Failed password for root from 8.243.64.226 port 37154 ssh2
Jul 14 11:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19260]: Received disconnect from 8.243.64.226 port 37154:11: Bye Bye [preauth]
Jul 14 11:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19260]: Disconnected from 8.243.64.226 port 37154 [preauth]
Jul 14 11:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19044]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19376]: Failed password for root from 174.138.29.13 port 41290 ssh2
Jul 14 11:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19376]: Received disconnect from 174.138.29.13 port 41290:11: Bye Bye [preauth]
Jul 14 11:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19376]: Disconnected from 174.138.29.13 port 41290 [preauth]
Jul 14 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18158]: pam_unix(cron:session): session closed for user root
Jul 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19501]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19573]: Successful su for rubyman by root
Jul 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19573]: + ??? root:rubyman
Jul 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784148 of user rubyman.
Jul 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19573]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784148.
Jul 14 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session closed for user root
Jul 14 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19502]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19763]: Failed password for root from 139.59.30.109 port 37408 ssh2
Jul 14 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19763]: Received disconnect from 139.59.30.109 port 37408:11: Bye Bye [preauth]
Jul 14 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19763]: Disconnected from 139.59.30.109 port 37408 [preauth]
Jul 14 11:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Failed password for root from 8.243.64.226 port 48342 ssh2
Jul 14 11:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Received disconnect from 8.243.64.226 port 48342:11: Bye Bye [preauth]
Jul 14 11:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Disconnected from 8.243.64.226 port 48342 [preauth]
Jul 14 11:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: Failed password for root from 185.121.0.25 port 47476 ssh2
Jul 14 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: Received disconnect from 185.121.0.25 port 47476:11: Bye Bye [preauth]
Jul 14 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: Disconnected from 185.121.0.25 port 47476 [preauth]
Jul 14 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18608]: pam_unix(cron:session): session closed for user root
Jul 14 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: Failed password for root from 174.138.29.13 port 59910 ssh2
Jul 14 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: Received disconnect from 174.138.29.13 port 59910:11: Bye Bye [preauth]
Jul 14 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: Disconnected from 174.138.29.13 port 59910 [preauth]
Jul 14 11:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: Invalid user vhserver from 14.103.105.254
Jul 14 11:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: input_userauth_request: invalid user vhserver [preauth]
Jul 14 11:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.254
Jul 14 11:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: Failed password for invalid user vhserver from 14.103.105.254 port 56126 ssh2
Jul 14 11:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 11:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Failed password for root from 102.210.80.6 port 53093 ssh2
Jul 14 11:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Received disconnect from 102.210.80.6 port 53093:11: Bye Bye [preauth]
Jul 14 11:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Disconnected from 102.210.80.6 port 53093 [preauth]
Jul 14 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19963]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20035]: Successful su for rubyman by root
Jul 14 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20035]: + ??? root:rubyman
Jul 14 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784152 of user rubyman.
Jul 14 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20035]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784152.
Jul 14 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session closed for user root
Jul 14 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19964]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20263]: Failed password for root from 139.59.30.109 port 57426 ssh2
Jul 14 11:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20263]: Received disconnect from 139.59.30.109 port 57426:11: Bye Bye [preauth]
Jul 14 11:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20263]: Disconnected from 139.59.30.109 port 57426 [preauth]
Jul 14 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19047]: pam_unix(cron:session): session closed for user root
Jul 14 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20308]: Failed password for root from 8.243.64.226 port 46192 ssh2
Jul 14 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20308]: Received disconnect from 8.243.64.226 port 46192:11: Bye Bye [preauth]
Jul 14 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20308]: Disconnected from 8.243.64.226 port 46192 [preauth]
Jul 14 11:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: Failed password for root from 174.138.29.13 port 53180 ssh2
Jul 14 11:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: Received disconnect from 174.138.29.13 port 53180:11: Bye Bye [preauth]
Jul 14 11:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: Disconnected from 174.138.29.13 port 53180 [preauth]
Jul 14 11:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Failed password for root from 185.121.0.25 port 42452 ssh2
Jul 14 11:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Received disconnect from 185.121.0.25 port 42452:11: Bye Bye [preauth]
Jul 14 11:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Disconnected from 185.121.0.25 port 42452 [preauth]
Jul 14 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20384]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20456]: Successful su for rubyman by root
Jul 14 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20456]: + ??? root:rubyman
Jul 14 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784158 of user rubyman.
Jul 14 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20456]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784158.
Jul 14 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17611]: pam_unix(cron:session): session closed for user root
Jul 14 11:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20385]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19504]: pam_unix(cron:session): session closed for user root
Jul 14 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: Failed password for root from 139.59.30.109 port 48402 ssh2
Jul 14 11:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: Received disconnect from 139.59.30.109 port 48402:11: Bye Bye [preauth]
Jul 14 11:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: Disconnected from 139.59.30.109 port 48402 [preauth]
Jul 14 11:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20791]: Failed password for root from 8.243.64.226 port 46546 ssh2
Jul 14 11:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20791]: Received disconnect from 8.243.64.226 port 46546:11: Bye Bye [preauth]
Jul 14 11:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20791]: Disconnected from 8.243.64.226 port 46546 [preauth]
Jul 14 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20816]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20892]: Successful su for rubyman by root
Jul 14 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20892]: + ??? root:rubyman
Jul 14 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784160 of user rubyman.
Jul 14 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20892]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784160.
Jul 14 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18157]: pam_unix(cron:session): session closed for user root
Jul 14 11:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20817]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: Failed password for root from 174.138.29.13 port 55728 ssh2
Jul 14 11:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: Received disconnect from 174.138.29.13 port 55728:11: Bye Bye [preauth]
Jul 14 11:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: Disconnected from 174.138.29.13 port 55728 [preauth]
Jul 14 11:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21096]: Failed password for root from 185.121.0.25 port 55218 ssh2
Jul 14 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21096]: Received disconnect from 185.121.0.25 port 55218:11: Bye Bye [preauth]
Jul 14 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21096]: Disconnected from 185.121.0.25 port 55218 [preauth]
Jul 14 11:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19966]: pam_unix(cron:session): session closed for user root
Jul 14 11:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: Failed password for root from 139.59.30.109 port 34594 ssh2
Jul 14 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: Received disconnect from 139.59.30.109 port 34594:11: Bye Bye [preauth]
Jul 14 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: Disconnected from 139.59.30.109 port 34594 [preauth]
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21269]: pam_unix(cron:session): session closed for user root
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21262]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21346]: Successful su for rubyman by root
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21346]: + ??? root:rubyman
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784164 of user rubyman.
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21346]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784164.
Jul 14 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session closed for user root
Jul 14 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Invalid user root1 from 64.23.178.20
Jul 14 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: input_userauth_request: invalid user root1 [preauth]
Jul 14 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20
Jul 14 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18607]: pam_unix(cron:session): session closed for user root
Jul 14 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Failed password for invalid user root1 from 64.23.178.20 port 57696 ssh2
Jul 14 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Received disconnect from 64.23.178.20 port 57696:11: Bye Bye [preauth]
Jul 14 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Disconnected from 64.23.178.20 port 57696 [preauth]
Jul 14 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Invalid user myftp from 185.149.146.85
Jul 14 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: input_userauth_request: invalid user myftp [preauth]
Jul 14 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 11:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Failed password for invalid user myftp from 185.149.146.85 port 50636 ssh2
Jul 14 11:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Received disconnect from 185.149.146.85 port 50636:11: Bye Bye [preauth]
Jul 14 11:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Disconnected from 185.149.146.85 port 50636 [preauth]
Jul 14 11:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Failed password for root from 8.243.64.226 port 34938 ssh2
Jul 14 11:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Received disconnect from 8.243.64.226 port 34938:11: Bye Bye [preauth]
Jul 14 11:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Disconnected from 8.243.64.226 port 34938 [preauth]
Jul 14 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: Failed password for root from 174.138.29.13 port 37566 ssh2
Jul 14 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: Received disconnect from 174.138.29.13 port 37566:11: Bye Bye [preauth]
Jul 14 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: Disconnected from 174.138.29.13 port 37566 [preauth]
Jul 14 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20387]: pam_unix(cron:session): session closed for user root
Jul 14 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: Failed password for root from 185.121.0.25 port 36368 ssh2
Jul 14 11:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: Received disconnect from 185.121.0.25 port 36368:11: Bye Bye [preauth]
Jul 14 11:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: Disconnected from 185.121.0.25 port 36368 [preauth]
Jul 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21863]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22127]: Successful su for rubyman by root
Jul 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22127]: + ??? root:rubyman
Jul 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784171 of user rubyman.
Jul 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22127]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784171.
Jul 14 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19046]: pam_unix(cron:session): session closed for user root
Jul 14 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21867]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: Failed password for root from 139.59.30.109 port 54138 ssh2
Jul 14 11:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: Received disconnect from 139.59.30.109 port 54138:11: Bye Bye [preauth]
Jul 14 11:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: Disconnected from 139.59.30.109 port 54138 [preauth]
Jul 14 11:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 11:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22411]: Failed password for root from 185.93.89.118 port 10050 ssh2
Jul 14 11:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22454]: Failed password for root from 8.243.64.226 port 51074 ssh2
Jul 14 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22454]: Received disconnect from 8.243.64.226 port 51074:11: Bye Bye [preauth]
Jul 14 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22454]: Disconnected from 8.243.64.226 port 51074 [preauth]
Jul 14 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22411]: Connection closed by 185.93.89.118 port 10050 [preauth]
Jul 14 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20819]: pam_unix(cron:session): session closed for user root
Jul 14 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 11:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22501]: Failed password for root from 185.93.89.118 port 18802 ssh2
Jul 14 11:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22501]: Connection closed by 185.93.89.118 port 18802 [preauth]
Jul 14 11:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: Failed password for root from 174.138.29.13 port 41078 ssh2
Jul 14 11:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: Received disconnect from 174.138.29.13 port 41078:11: Bye Bye [preauth]
Jul 14 11:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: Disconnected from 174.138.29.13 port 41078 [preauth]
Jul 14 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: Failed password for root from 185.121.0.25 port 46436 ssh2
Jul 14 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: Received disconnect from 185.121.0.25 port 46436:11: Bye Bye [preauth]
Jul 14 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: Disconnected from 185.121.0.25 port 46436 [preauth]
Jul 14 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22577]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22643]: Successful su for rubyman by root
Jul 14 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22643]: + ??? root:rubyman
Jul 14 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784174 of user rubyman.
Jul 14 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22643]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784174.
Jul 14 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19503]: pam_unix(cron:session): session closed for user root
Jul 14 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22579]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: Invalid user ubuntu from 185.149.146.85
Jul 14 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: input_userauth_request: invalid user ubuntu [preauth]
Jul 14 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: Failed password for invalid user ubuntu from 185.149.146.85 port 33312 ssh2
Jul 14 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: Received disconnect from 185.149.146.85 port 33312:11: Bye Bye [preauth]
Jul 14 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: Disconnected from 185.149.146.85 port 33312 [preauth]
Jul 14 11:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22558]: Failed password for root from 185.93.89.118 port 14134 ssh2
Jul 14 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22558]: Connection closed by 185.93.89.118 port 14134 [preauth]
Jul 14 11:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session closed for user root
Jul 14 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22966]: Failed password for root from 139.59.30.109 port 56066 ssh2
Jul 14 11:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22966]: Received disconnect from 139.59.30.109 port 56066:11: Bye Bye [preauth]
Jul 14 11:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22966]: Disconnected from 139.59.30.109 port 56066 [preauth]
Jul 14 11:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 11:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Failed password for root from 185.93.89.118 port 36304 ssh2
Jul 14 11:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: Invalid user root1 from 8.243.64.226
Jul 14 11:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: input_userauth_request: invalid user root1 [preauth]
Jul 14 11:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226
Jul 14 11:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Connection closed by 185.93.89.118 port 36304 [preauth]
Jul 14 11:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: Failed password for invalid user root1 from 8.243.64.226 port 39868 ssh2
Jul 14 11:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: Received disconnect from 8.243.64.226 port 39868:11: Bye Bye [preauth]
Jul 14 11:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: Disconnected from 8.243.64.226 port 39868 [preauth]
Jul 14 11:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23064]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23128]: Successful su for rubyman by root
Jul 14 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23128]: + ??? root:rubyman
Jul 14 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784179 of user rubyman.
Jul 14 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23128]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784179.
Jul 14 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19965]: pam_unix(cron:session): session closed for user root
Jul 14 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23065]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Failed password for root from 185.93.89.118 port 1974 ssh2
Jul 14 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Connection closed by 185.93.89.118 port 1974 [preauth]
Jul 14 11:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: Failed password for root from 174.138.29.13 port 44564 ssh2
Jul 14 11:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: Received disconnect from 174.138.29.13 port 44564:11: Bye Bye [preauth]
Jul 14 11:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: Disconnected from 174.138.29.13 port 44564 [preauth]
Jul 14 11:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Failed password for root from 185.121.0.25 port 44696 ssh2
Jul 14 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Received disconnect from 185.121.0.25 port 44696:11: Bye Bye [preauth]
Jul 14 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Disconnected from 185.121.0.25 port 44696 [preauth]
Jul 14 11:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: Invalid user znc from 14.103.105.254
Jul 14 11:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: input_userauth_request: invalid user znc [preauth]
Jul 14 11:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.254
Jul 14 11:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: Failed password for invalid user znc from 14.103.105.254 port 48608 ssh2
Jul 14 11:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: Received disconnect from 14.103.105.254 port 48608:11: Bye Bye [preauth]
Jul 14 11:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: Disconnected from 14.103.105.254 port 48608 [preauth]
Jul 14 11:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21869]: pam_unix(cron:session): session closed for user root
Jul 14 11:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: Failed password for root from 185.93.89.118 port 11480 ssh2
Jul 14 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: Connection closed by 185.93.89.118 port 11480 [preauth]
Jul 14 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 11:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: Failed password for root from 139.59.30.109 port 59312 ssh2
Jul 14 11:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: Received disconnect from 139.59.30.109 port 59312:11: Bye Bye [preauth]
Jul 14 11:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: Disconnected from 139.59.30.109 port 59312 [preauth]
Jul 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23594]: pam_unix(cron:session): session closed for user p13x
Jul 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23663]: Successful su for rubyman by root
Jul 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23663]: + ??? root:rubyman
Jul 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784185 of user rubyman.
Jul 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23663]: pam_unix(su:session): session closed for user rubyman
Jul 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784185.
Jul 14 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20386]: pam_unix(cron:session): session closed for user root
Jul 14 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: Failed password for root from 8.243.64.226 port 37618 ssh2
Jul 14 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: Received disconnect from 8.243.64.226 port 37618:11: Bye Bye [preauth]
Jul 14 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: Disconnected from 8.243.64.226 port 37618 [preauth]
Jul 14 11:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: Failed password for root from 64.23.178.20 port 40762 ssh2
Jul 14 11:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: Received disconnect from 64.23.178.20 port 40762:11: Bye Bye [preauth]
Jul 14 11:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: Disconnected from 64.23.178.20 port 40762 [preauth]
Jul 14 11:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23595]: pam_unix(cron:session): session closed for user samftp
Jul 14 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 11:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23566]: Failed password for root from 185.93.89.118 port 1980 ssh2
Jul 14 11:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23566]: Connection closed by 185.93.89.118 port 1980 [preauth]
Jul 14 11:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 11:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22581]: pam_unix(cron:session): session closed for user root
Jul 14 11:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: Failed password for root from 174.138.29.13 port 47070 ssh2
Jul 14 11:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: Received disconnect from 174.138.29.13 port 47070:11: Bye Bye [preauth]
Jul 14 11:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: Disconnected from 174.138.29.13 port 47070 [preauth]
Jul 14 11:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 11:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 11:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24011]: Failed password for root from 185.93.89.118 port 4332 ssh2
Jul 14 11:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24011]: Connection closed by 185.93.89.118 port 4332 [preauth]
Jul 14 11:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: Failed password for root from 185.121.0.25 port 39582 ssh2
Jul 14 11:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: Received disconnect from 185.121.0.25 port 39582:11: Bye Bye [preauth]
Jul 14 11:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: Disconnected from 185.121.0.25 port 39582 [preauth]
Jul 14 11:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 11:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24119]: Failed password for root from 102.210.80.6 port 52005 ssh2
Jul 14 11:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24119]: Received disconnect from 102.210.80.6 port 52005:11: Bye Bye [preauth]
Jul 14 11:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24119]: Disconnected from 102.210.80.6 port 52005 [preauth]
Jul 14 11:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 11:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24130]: Invalid user azureuser from 14.103.105.254
Jul 14 11:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24130]: input_userauth_request: invalid user azureuser [preauth]
Jul 14 11:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24130]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 11:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.254
Jul 14 12:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24130]: Failed password for invalid user azureuser from 14.103.105.254 port 12276 ssh2
Jul 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24147]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24152]: pam_unix(cron:session): session closed for user root
Jul 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24147]: pam_unix(cron:session): session closed for user root
Jul 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24144]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24130]: Received disconnect from 14.103.105.254 port 12276:11: Bye Bye [preauth]
Jul 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24130]: Disconnected from 14.103.105.254 port 12276 [preauth]
Jul 14 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24269]: Successful su for rubyman by root
Jul 14 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24269]: + ??? root:rubyman
Jul 14 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784188 of user rubyman.
Jul 14 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24269]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784188.
Jul 14 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20818]: pam_unix(cron:session): session closed for user root
Jul 14 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session closed for user root
Jul 14 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Failed password for root from 185.93.89.118 port 61654 ssh2
Jul 14 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Connection closed by 185.93.89.118 port 61654 [preauth]
Jul 14 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24146]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24517]: Failed password for root from 139.59.30.109 port 37590 ssh2
Jul 14 12:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24517]: Received disconnect from 139.59.30.109 port 37590:11: Bye Bye [preauth]
Jul 14 12:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24517]: Disconnected from 139.59.30.109 port 37590 [preauth]
Jul 14 12:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: Failed password for root from 8.243.64.226 port 38266 ssh2
Jul 14 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: Received disconnect from 8.243.64.226 port 38266:11: Bye Bye [preauth]
Jul 14 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: Disconnected from 8.243.64.226 port 38266 [preauth]
Jul 14 12:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session closed for user root
Jul 14 12:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: Failed password for root from 185.93.89.118 port 53878 ssh2
Jul 14 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: Connection closed by 185.93.89.118 port 53878 [preauth]
Jul 14 12:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Invalid user ts from 14.103.105.254
Jul 14 12:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: input_userauth_request: invalid user ts [preauth]
Jul 14 12:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.254
Jul 14 12:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Failed password for invalid user ts from 14.103.105.254 port 17874 ssh2
Jul 14 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Received disconnect from 14.103.105.254 port 17874:11: Bye Bye [preauth]
Jul 14 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Disconnected from 14.103.105.254 port 17874 [preauth]
Jul 14 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 12:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24722]: Failed password for root from 174.138.29.13 port 40752 ssh2
Jul 14 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24722]: Received disconnect from 174.138.29.13 port 40752:11: Bye Bye [preauth]
Jul 14 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24722]: Disconnected from 174.138.29.13 port 40752 [preauth]
Jul 14 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24743]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24812]: Successful su for rubyman by root
Jul 14 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24812]: + ??? root:rubyman
Jul 14 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784193 of user rubyman.
Jul 14 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24812]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784193.
Jul 14 12:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Failed password for root from 64.23.178.20 port 39566 ssh2
Jul 14 12:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Received disconnect from 64.23.178.20 port 39566:11: Bye Bye [preauth]
Jul 14 12:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Disconnected from 64.23.178.20 port 39566 [preauth]
Jul 14 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session closed for user root
Jul 14 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Failed password for root from 185.93.89.118 port 53920 ssh2
Jul 14 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Connection closed by 185.93.89.118 port 53920 [preauth]
Jul 14 12:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24744]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: Failed password for root from 185.121.0.25 port 48546 ssh2
Jul 14 12:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: Received disconnect from 185.121.0.25 port 48546:11: Bye Bye [preauth]
Jul 14 12:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: Disconnected from 185.121.0.25 port 48546 [preauth]
Jul 14 12:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: Invalid user ubuntu from 14.103.105.254
Jul 14 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: input_userauth_request: invalid user ubuntu [preauth]
Jul 14 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.254
Jul 14 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Invalid user rosemary from 80.94.95.15
Jul 14 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: input_userauth_request: invalid user rosemary [preauth]
Jul 14 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23597]: pam_unix(cron:session): session closed for user root
Jul 14 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Failed password for root from 185.93.89.118 port 12958 ssh2
Jul 14 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: Failed password for invalid user ubuntu from 14.103.105.254 port 46040 ssh2
Jul 14 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: Received disconnect from 14.103.105.254 port 46040:11: Bye Bye [preauth]
Jul 14 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: Disconnected from 14.103.105.254 port 46040 [preauth]
Jul 14 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Failed password for invalid user rosemary from 80.94.95.15 port 41718 ssh2
Jul 14 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25080]: Failed password for root from 139.59.30.109 port 51138 ssh2
Jul 14 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25080]: Received disconnect from 139.59.30.109 port 51138:11: Bye Bye [preauth]
Jul 14 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25080]: Disconnected from 139.59.30.109 port 51138 [preauth]
Jul 14 12:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Connection closed by 185.93.89.118 port 12958 [preauth]
Jul 14 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Failed password for invalid user rosemary from 80.94.95.15 port 41718 ssh2
Jul 14 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Failed password for invalid user rosemary from 80.94.95.15 port 41718 ssh2
Jul 14 12:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: Failed password for root from 8.243.64.226 port 49516 ssh2
Jul 14 12:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: Received disconnect from 8.243.64.226 port 49516:11: Bye Bye [preauth]
Jul 14 12:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: Disconnected from 8.243.64.226 port 49516 [preauth]
Jul 14 12:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Failed password for invalid user rosemary from 80.94.95.15 port 41718 ssh2
Jul 14 12:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Failed password for invalid user rosemary from 80.94.95.15 port 41718 ssh2
Jul 14 12:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Received disconnect from 80.94.95.15 port 41718:11: Bye [preauth]
Jul 14 12:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Disconnected from 80.94.95.15 port 41718 [preauth]
Jul 14 12:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 12:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 12:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25183]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25182]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25180]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25242]: Successful su for rubyman by root
Jul 14 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25242]: + ??? root:rubyman
Jul 14 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784197 of user rubyman.
Jul 14 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25242]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784197.
Jul 14 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: Failed password for root from 185.93.89.118 port 10750 ssh2
Jul 14 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: Connection closed by 185.93.89.118 port 10750 [preauth]
Jul 14 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21868]: pam_unix(cron:session): session closed for user root
Jul 14 12:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25181]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 12:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25466]: Failed password for root from 174.138.29.13 port 53434 ssh2
Jul 14 12:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25466]: Received disconnect from 174.138.29.13 port 53434:11: Bye Bye [preauth]
Jul 14 12:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25466]: Disconnected from 174.138.29.13 port 53434 [preauth]
Jul 14 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: Invalid user frappe from 14.103.105.254
Jul 14 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: input_userauth_request: invalid user frappe [preauth]
Jul 14 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.254
Jul 14 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: Failed password for invalid user frappe from 14.103.105.254 port 54668 ssh2
Jul 14 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: Received disconnect from 14.103.105.254 port 54668:11: Bye Bye [preauth]
Jul 14 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: Disconnected from 14.103.105.254 port 54668 [preauth]
Jul 14 12:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Failed password for root from 185.121.0.25 port 48990 ssh2
Jul 14 12:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Received disconnect from 185.121.0.25 port 48990:11: Bye Bye [preauth]
Jul 14 12:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Disconnected from 185.121.0.25 port 48990 [preauth]
Jul 14 12:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: Failed password for root from 185.93.89.118 port 58724 ssh2
Jul 14 12:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: Connection closed by 185.93.89.118 port 58724 [preauth]
Jul 14 12:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session closed for user root
Jul 14 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Failed password for root from 139.59.30.109 port 56640 ssh2
Jul 14 12:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Received disconnect from 139.59.30.109 port 56640:11: Bye Bye [preauth]
Jul 14 12:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Disconnected from 139.59.30.109 port 56640 [preauth]
Jul 14 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: Failed password for root from 8.243.64.226 port 40462 ssh2
Jul 14 12:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: Received disconnect from 8.243.64.226 port 40462:11: Bye Bye [preauth]
Jul 14 12:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: Disconnected from 8.243.64.226 port 40462 [preauth]
Jul 14 12:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: Failed password for root from 185.93.89.118 port 49824 ssh2
Jul 14 12:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: Failed password for root from 64.23.178.20 port 51924 ssh2
Jul 14 12:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: Received disconnect from 64.23.178.20 port 51924:11: Bye Bye [preauth]
Jul 14 12:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: Disconnected from 64.23.178.20 port 51924 [preauth]
Jul 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: Connection closed by 185.93.89.118 port 49824 [preauth]
Jul 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25752]: Successful su for rubyman by root
Jul 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25752]: + ??? root:rubyman
Jul 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784202 of user rubyman.
Jul 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25752]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784202.
Jul 14 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22580]: pam_unix(cron:session): session closed for user root
Jul 14 12:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25664]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 12:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: Failed password for root from 185.93.89.118 port 6148 ssh2
Jul 14 12:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Failed password for root from 174.138.29.13 port 53966 ssh2
Jul 14 12:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Received disconnect from 174.138.29.13 port 53966:11: Bye Bye [preauth]
Jul 14 12:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Disconnected from 174.138.29.13 port 53966 [preauth]
Jul 14 12:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: Connection closed by 185.93.89.118 port 6148 [preauth]
Jul 14 12:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24746]: pam_unix(cron:session): session closed for user root
Jul 14 12:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: Failed password for root from 185.121.0.25 port 33946 ssh2
Jul 14 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: Received disconnect from 185.121.0.25 port 33946:11: Bye Bye [preauth]
Jul 14 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: Disconnected from 185.121.0.25 port 33946 [preauth]
Jul 14 12:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Failed password for root from 185.93.89.118 port 22772 ssh2
Jul 14 12:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Connection closed by 185.93.89.118 port 22772 [preauth]
Jul 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26215]: Successful su for rubyman by root
Jul 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26215]: + ??? root:rubyman
Jul 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784205 of user rubyman.
Jul 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26215]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784205.
Jul 14 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: Failed password for root from 139.59.30.109 port 47726 ssh2
Jul 14 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: Received disconnect from 139.59.30.109 port 47726:11: Bye Bye [preauth]
Jul 14 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: Disconnected from 139.59.30.109 port 47726 [preauth]
Jul 14 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23066]: pam_unix(cron:session): session closed for user root
Jul 14 12:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26154]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Failed password for root from 8.243.64.226 port 43900 ssh2
Jul 14 12:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Received disconnect from 8.243.64.226 port 43900:11: Bye Bye [preauth]
Jul 14 12:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Disconnected from 8.243.64.226 port 43900 [preauth]
Jul 14 12:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: Failed password for root from 185.93.89.118 port 51100 ssh2
Jul 14 12:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: Connection closed by 185.93.89.118 port 51100 [preauth]
Jul 14 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25183]: pam_unix(cron:session): session closed for user root
Jul 14 12:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: Invalid user postgres from 185.149.146.85
Jul 14 12:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: input_userauth_request: invalid user postgres [preauth]
Jul 14 12:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: Failed password for invalid user postgres from 185.149.146.85 port 56778 ssh2
Jul 14 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: Received disconnect from 185.149.146.85 port 56778:11: Bye Bye [preauth]
Jul 14 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: Disconnected from 185.149.146.85 port 56778 [preauth]
Jul 14 12:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 12:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Failed password for root from 174.138.29.13 port 34190 ssh2
Jul 14 12:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Received disconnect from 174.138.29.13 port 34190:11: Bye Bye [preauth]
Jul 14 12:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Disconnected from 174.138.29.13 port 34190 [preauth]
Jul 14 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26588]: Failed password for root from 185.93.89.118 port 29496 ssh2
Jul 14 12:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26588]: Connection closed by 185.93.89.118 port 29496 [preauth]
Jul 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session closed for user root
Jul 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26765]: Successful su for rubyman by root
Jul 14 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26765]: + ??? root:rubyman
Jul 14 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784213 of user rubyman.
Jul 14 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26765]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784213.
Jul 14 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26674]: Failed password for root from 185.121.0.25 port 46050 ssh2
Jul 14 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26674]: Received disconnect from 185.121.0.25 port 46050:11: Bye Bye [preauth]
Jul 14 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26674]: Disconnected from 185.121.0.25 port 46050 [preauth]
Jul 14 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session closed for user root
Jul 14 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23596]: pam_unix(cron:session): session closed for user root
Jul 14 12:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26678]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27134]: Failed password for root from 139.59.30.109 port 37568 ssh2
Jul 14 12:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27134]: Received disconnect from 139.59.30.109 port 37568:11: Bye Bye [preauth]
Jul 14 12:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27134]: Disconnected from 139.59.30.109 port 37568 [preauth]
Jul 14 12:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: Failed password for root from 185.93.89.118 port 11440 ssh2
Jul 14 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: Failed password for root from 8.243.64.226 port 43144 ssh2
Jul 14 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: Received disconnect from 8.243.64.226 port 43144:11: Bye Bye [preauth]
Jul 14 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: Disconnected from 8.243.64.226 port 43144 [preauth]
Jul 14 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: Connection closed by 185.93.89.118 port 11440 [preauth]
Jul 14 12:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session closed for user root
Jul 14 12:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: Failed password for root from 185.93.89.118 port 11674 ssh2
Jul 14 12:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: Connection closed by 185.93.89.118 port 11674 [preauth]
Jul 14 12:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27291]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27292]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27289]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27289]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27419]: Successful su for rubyman by root
Jul 14 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27419]: + ??? root:rubyman
Jul 14 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784217 of user rubyman.
Jul 14 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27419]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784217.
Jul 14 12:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27284]: Failed password for root from 174.138.29.13 port 48898 ssh2
Jul 14 12:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27284]: Received disconnect from 174.138.29.13 port 48898:11: Bye Bye [preauth]
Jul 14 12:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27284]: Disconnected from 174.138.29.13 port 48898 [preauth]
Jul 14 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session closed for user root
Jul 14 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27290]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: Failed password for root from 185.93.89.118 port 32632 ssh2
Jul 14 12:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: Connection closed by 185.93.89.118 port 32632 [preauth]
Jul 14 12:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Failed password for root from 185.121.0.25 port 38692 ssh2
Jul 14 12:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Received disconnect from 185.121.0.25 port 38692:11: Bye Bye [preauth]
Jul 14 12:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Disconnected from 185.121.0.25 port 38692 [preauth]
Jul 14 12:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: Invalid user grafana from 185.149.146.85
Jul 14 12:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: input_userauth_request: invalid user grafana [preauth]
Jul 14 12:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 12:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: Failed password for invalid user grafana from 185.149.146.85 port 59488 ssh2
Jul 14 12:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: Received disconnect from 185.149.146.85 port 59488:11: Bye Bye [preauth]
Jul 14 12:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: Disconnected from 185.149.146.85 port 59488 [preauth]
Jul 14 12:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session closed for user root
Jul 14 12:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Failed password for root from 139.59.30.109 port 55810 ssh2
Jul 14 12:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Received disconnect from 139.59.30.109 port 55810:11: Bye Bye [preauth]
Jul 14 12:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Disconnected from 139.59.30.109 port 55810 [preauth]
Jul 14 12:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: Failed password for root from 8.243.64.226 port 48160 ssh2
Jul 14 12:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: Received disconnect from 8.243.64.226 port 48160:11: Bye Bye [preauth]
Jul 14 12:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: Disconnected from 8.243.64.226 port 48160 [preauth]
Jul 14 12:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27744]: Failed password for root from 185.93.89.118 port 20824 ssh2
Jul 14 12:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27744]: Connection closed by 185.93.89.118 port 20824 [preauth]
Jul 14 12:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: Failed password for root from 64.23.178.20 port 53802 ssh2
Jul 14 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: Received disconnect from 64.23.178.20 port 53802:11: Bye Bye [preauth]
Jul 14 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: Disconnected from 64.23.178.20 port 53802 [preauth]
Jul 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27869]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27938]: Successful su for rubyman by root
Jul 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27938]: + ??? root:rubyman
Jul 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784219 of user rubyman.
Jul 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27938]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784219.
Jul 14 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24745]: pam_unix(cron:session): session closed for user root
Jul 14 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27870]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28168]: Failed password for root from 174.138.29.13 port 44036 ssh2
Jul 14 12:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28168]: Received disconnect from 174.138.29.13 port 44036:11: Bye Bye [preauth]
Jul 14 12:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28168]: Disconnected from 174.138.29.13 port 44036 [preauth]
Jul 14 12:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27866]: Failed password for root from 185.93.89.118 port 12050 ssh2
Jul 14 12:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27866]: Connection closed by 185.93.89.118 port 12050 [preauth]
Jul 14 12:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28178]: Invalid user prueba from 185.149.146.85
Jul 14 12:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28178]: input_userauth_request: invalid user prueba [preauth]
Jul 14 12:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28178]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 12:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28178]: Failed password for invalid user prueba from 185.149.146.85 port 47260 ssh2
Jul 14 12:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28178]: Received disconnect from 185.149.146.85 port 47260:11: Bye Bye [preauth]
Jul 14 12:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28178]: Disconnected from 185.149.146.85 port 47260 [preauth]
Jul 14 12:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26683]: pam_unix(cron:session): session closed for user root
Jul 14 12:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Failed password for root from 185.121.0.25 port 40842 ssh2
Jul 14 12:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Received disconnect from 185.121.0.25 port 40842:11: Bye Bye [preauth]
Jul 14 12:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Disconnected from 185.121.0.25 port 40842 [preauth]
Jul 14 12:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28203]: Failed password for root from 185.93.89.118 port 47626 ssh2
Jul 14 12:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28203]: Connection closed by 185.93.89.118 port 47626 [preauth]
Jul 14 12:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Failed password for root from 139.59.30.109 port 48264 ssh2
Jul 14 12:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Received disconnect from 139.59.30.109 port 48264:11: Bye Bye [preauth]
Jul 14 12:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Disconnected from 139.59.30.109 port 48264 [preauth]
Jul 14 12:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: Invalid user idande from 164.68.105.9
Jul 14 12:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: input_userauth_request: invalid user idande [preauth]
Jul 14 12:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Jul 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28305]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Failed password for root from 8.243.64.226 port 40960 ssh2
Jul 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Received disconnect from 8.243.64.226 port 40960:11: Bye Bye [preauth]
Jul 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Disconnected from 8.243.64.226 port 40960 [preauth]
Jul 14 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28383]: Successful su for rubyman by root
Jul 14 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28383]: + ??? root:rubyman
Jul 14 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784224 of user rubyman.
Jul 14 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28383]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784224.
Jul 14 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: Failed password for invalid user idande from 164.68.105.9 port 49850 ssh2
Jul 14 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: Connection closed by 164.68.105.9 port 49850 [preauth]
Jul 14 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 12:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25182]: pam_unix(cron:session): session closed for user root
Jul 14 12:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: Failed password for root from 102.210.80.6 port 43757 ssh2
Jul 14 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: Received disconnect from 102.210.80.6 port 43757:11: Bye Bye [preauth]
Jul 14 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: Disconnected from 102.210.80.6 port 43757 [preauth]
Jul 14 12:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: Invalid user usuario from 185.149.146.85
Jul 14 12:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: input_userauth_request: invalid user usuario [preauth]
Jul 14 12:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 12:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: Failed password for root from 185.93.89.118 port 42664 ssh2
Jul 14 12:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: Connection closed by 185.93.89.118 port 42664 [preauth]
Jul 14 12:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: Failed password for invalid user usuario from 185.149.146.85 port 56694 ssh2
Jul 14 12:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: Received disconnect from 185.149.146.85 port 56694:11: Bye Bye [preauth]
Jul 14 12:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: Disconnected from 185.149.146.85 port 56694 [preauth]
Jul 14 12:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 12:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27292]: pam_unix(cron:session): session closed for user root
Jul 14 12:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: Failed password for root from 174.138.29.13 port 35962 ssh2
Jul 14 12:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: Received disconnect from 174.138.29.13 port 35962:11: Bye Bye [preauth]
Jul 14 12:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28671]: Disconnected from 174.138.29.13 port 35962 [preauth]
Jul 14 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28650]: Failed password for root from 185.93.89.118 port 4544 ssh2
Jul 14 12:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28650]: Connection closed by 185.93.89.118 port 4544 [preauth]
Jul 14 12:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28757]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28911]: Successful su for rubyman by root
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28911]: + ??? root:rubyman
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784227 of user rubyman.
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28911]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784227.
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: Failed password for root from 64.23.178.20 port 33130 ssh2
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: Received disconnect from 64.23.178.20 port 33130:11: Bye Bye [preauth]
Jul 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: Disconnected from 64.23.178.20 port 33130 [preauth]
Jul 14 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28754]: pam_unix(cron:session): session closed for user root
Jul 14 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28859]: Failed password for root from 185.121.0.25 port 59078 ssh2
Jul 14 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28859]: Received disconnect from 185.121.0.25 port 59078:11: Bye Bye [preauth]
Jul 14 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28859]: Disconnected from 185.121.0.25 port 59078 [preauth]
Jul 14 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session closed for user root
Jul 14 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28758]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: Failed password for root from 139.59.30.109 port 50910 ssh2
Jul 14 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: Received disconnect from 139.59.30.109 port 50910:11: Bye Bye [preauth]
Jul 14 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: Disconnected from 139.59.30.109 port 50910 [preauth]
Jul 14 12:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: Failed password for root from 185.93.89.118 port 48600 ssh2
Jul 14 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: Connection closed by 185.93.89.118 port 48600 [preauth]
Jul 14 12:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: Failed password for root from 8.243.64.226 port 40156 ssh2
Jul 14 12:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: Received disconnect from 8.243.64.226 port 40156:11: Bye Bye [preauth]
Jul 14 12:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: Disconnected from 8.243.64.226 port 40156 [preauth]
Jul 14 12:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session closed for user root
Jul 14 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Failed password for root from 185.93.89.118 port 53220 ssh2
Jul 14 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Connection closed by 185.93.89.118 port 53220 [preauth]
Jul 14 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Invalid user root1 from 174.138.29.13
Jul 14 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: input_userauth_request: invalid user root1 [preauth]
Jul 14 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13
Jul 14 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Failed password for invalid user root1 from 174.138.29.13 port 48802 ssh2
Jul 14 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Received disconnect from 174.138.29.13 port 48802:11: Bye Bye [preauth]
Jul 14 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Disconnected from 174.138.29.13 port 48802 [preauth]
Jul 14 12:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29392]: pam_unix(cron:session): session closed for user root
Jul 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29383]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29469]: Successful su for rubyman by root
Jul 14 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29469]: + ??? root:rubyman
Jul 14 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784235 of user rubyman.
Jul 14 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29469]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784235.
Jul 14 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session closed for user root
Jul 14 12:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29385]: pam_unix(cron:session): session closed for user root
Jul 14 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29384]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: Failed password for root from 185.93.89.118 port 57142 ssh2
Jul 14 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: Connection closed by 185.93.89.118 port 57142 [preauth]
Jul 14 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: Invalid user root1 from 139.59.30.109
Jul 14 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: input_userauth_request: invalid user root1 [preauth]
Jul 14 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109
Jul 14 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: Failed password for invalid user root1 from 139.59.30.109 port 49074 ssh2
Jul 14 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: Received disconnect from 139.59.30.109 port 49074:11: Bye Bye [preauth]
Jul 14 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: Disconnected from 139.59.30.109 port 49074 [preauth]
Jul 14 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29731]: Failed password for root from 185.121.0.25 port 57962 ssh2
Jul 14 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29731]: Received disconnect from 185.121.0.25 port 57962:11: Bye Bye [preauth]
Jul 14 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29731]: Disconnected from 185.121.0.25 port 57962 [preauth]
Jul 14 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28308]: pam_unix(cron:session): session closed for user root
Jul 14 12:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29784]: Failed password for root from 8.243.64.226 port 36486 ssh2
Jul 14 12:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29784]: Received disconnect from 8.243.64.226 port 36486:11: Bye Bye [preauth]
Jul 14 12:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29784]: Disconnected from 8.243.64.226 port 36486 [preauth]
Jul 14 12:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: Failed password for root from 185.93.89.118 port 24366 ssh2
Jul 14 12:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: Connection closed by 185.93.89.118 port 24366 [preauth]
Jul 14 12:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29852]: Failed password for root from 64.23.178.20 port 35236 ssh2
Jul 14 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29852]: Received disconnect from 64.23.178.20 port 35236:11: Bye Bye [preauth]
Jul 14 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29852]: Disconnected from 64.23.178.20 port 35236 [preauth]
Jul 14 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29866]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29944]: Successful su for rubyman by root
Jul 14 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29944]: + ??? root:rubyman
Jul 14 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784239 of user rubyman.
Jul 14 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29944]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784239.
Jul 14 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Failed password for root from 174.138.29.13 port 42564 ssh2
Jul 14 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Received disconnect from 174.138.29.13 port 42564:11: Bye Bye [preauth]
Jul 14 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Disconnected from 174.138.29.13 port 42564 [preauth]
Jul 14 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26680]: pam_unix(cron:session): session closed for user root
Jul 14 12:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29867]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30142]: Invalid user sftpuser from 185.149.146.85
Jul 14 12:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30142]: input_userauth_request: invalid user sftpuser [preauth]
Jul 14 12:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30142]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 12:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30142]: Failed password for invalid user sftpuser from 185.149.146.85 port 44968 ssh2
Jul 14 12:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30142]: Received disconnect from 185.149.146.85 port 44968:11: Bye Bye [preauth]
Jul 14 12:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30142]: Disconnected from 185.149.146.85 port 44968 [preauth]
Jul 14 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Failed password for root from 185.93.89.118 port 15668 ssh2
Jul 14 12:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Connection closed by 185.93.89.118 port 15668 [preauth]
Jul 14 12:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28761]: pam_unix(cron:session): session closed for user root
Jul 14 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: Failed password for root from 139.59.30.109 port 39176 ssh2
Jul 14 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: Received disconnect from 139.59.30.109 port 39176:11: Bye Bye [preauth]
Jul 14 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: Disconnected from 139.59.30.109 port 39176 [preauth]
Jul 14 12:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30175]: Failed password for root from 185.93.89.118 port 29326 ssh2
Jul 14 12:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: Failed password for root from 185.121.0.25 port 34908 ssh2
Jul 14 12:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: Received disconnect from 185.121.0.25 port 34908:11: Bye Bye [preauth]
Jul 14 12:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: Disconnected from 185.121.0.25 port 34908 [preauth]
Jul 14 12:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30175]: Connection closed by 185.93.89.118 port 29326 [preauth]
Jul 14 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: Failed password for root from 8.243.64.226 port 46896 ssh2
Jul 14 12:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: Received disconnect from 8.243.64.226 port 46896:11: Bye Bye [preauth]
Jul 14 12:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: Disconnected from 8.243.64.226 port 46896 [preauth]
Jul 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30303]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30366]: Successful su for rubyman by root
Jul 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30366]: + ??? root:rubyman
Jul 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784243 of user rubyman.
Jul 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30366]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784243.
Jul 14 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27291]: pam_unix(cron:session): session closed for user root
Jul 14 12:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30304]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Failed password for root from 185.93.89.118 port 60734 ssh2
Jul 14 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Connection closed by 185.93.89.118 port 60734 [preauth]
Jul 14 12:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 12:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: Invalid user kafka from 14.103.105.254
Jul 14 12:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: input_userauth_request: invalid user kafka [preauth]
Jul 14 12:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.254
Jul 14 12:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30609]: Failed password for root from 174.138.29.13 port 38348 ssh2
Jul 14 12:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30609]: Received disconnect from 174.138.29.13 port 38348:11: Bye Bye [preauth]
Jul 14 12:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30609]: Disconnected from 174.138.29.13 port 38348 [preauth]
Jul 14 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: Failed password for invalid user kafka from 14.103.105.254 port 27828 ssh2
Jul 14 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: Received disconnect from 14.103.105.254 port 27828:11: Bye Bye [preauth]
Jul 14 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: Disconnected from 14.103.105.254 port 27828 [preauth]
Jul 14 12:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29390]: pam_unix(cron:session): session closed for user root
Jul 14 12:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Failed password for root from 185.93.89.118 port 28958 ssh2
Jul 14 12:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Connection closed by 185.93.89.118 port 28958 [preauth]
Jul 14 12:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Failed password for root from 139.59.30.109 port 56432 ssh2
Jul 14 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Received disconnect from 139.59.30.109 port 56432:11: Bye Bye [preauth]
Jul 14 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Disconnected from 139.59.30.109 port 56432 [preauth]
Jul 14 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30740]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30802]: Successful su for rubyman by root
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30802]: + ??? root:rubyman
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784247 of user rubyman.
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30802]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784247.
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: Invalid user kafka from 185.149.146.85
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: input_userauth_request: invalid user kafka [preauth]
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: Failed password for root from 185.121.0.25 port 38214 ssh2
Jul 14 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Failed password for root from 64.23.178.20 port 35196 ssh2
Jul 14 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Received disconnect from 64.23.178.20 port 35196:11: Bye Bye [preauth]
Jul 14 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Disconnected from 64.23.178.20 port 35196 [preauth]
Jul 14 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: Received disconnect from 185.121.0.25 port 38214:11: Bye Bye [preauth]
Jul 14 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: Disconnected from 185.121.0.25 port 38214 [preauth]
Jul 14 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: Failed password for invalid user kafka from 185.149.146.85 port 41704 ssh2
Jul 14 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: Received disconnect from 185.149.146.85 port 41704:11: Bye Bye [preauth]
Jul 14 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: Disconnected from 185.149.146.85 port 41704 [preauth]
Jul 14 12:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27871]: pam_unix(cron:session): session closed for user root
Jul 14 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: Failed password for root from 185.93.89.118 port 40090 ssh2
Jul 14 12:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: Connection closed by 185.93.89.118 port 40090 [preauth]
Jul 14 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: Invalid user admin from 14.103.105.254
Jul 14 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: input_userauth_request: invalid user admin [preauth]
Jul 14 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.254
Jul 14 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: Failed password for invalid user admin from 14.103.105.254 port 14612 ssh2
Jul 14 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: Received disconnect from 14.103.105.254 port 14612:11: Bye Bye [preauth]
Jul 14 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: Disconnected from 14.103.105.254 port 14612 [preauth]
Jul 14 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: Failed password for root from 8.243.64.226 port 60000 ssh2
Jul 14 12:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: Received disconnect from 8.243.64.226 port 60000:11: Bye Bye [preauth]
Jul 14 12:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: Disconnected from 8.243.64.226 port 60000 [preauth]
Jul 14 12:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29869]: pam_unix(cron:session): session closed for user root
Jul 14 12:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: Failed password for root from 185.93.89.118 port 17146 ssh2
Jul 14 12:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: Connection closed by 185.93.89.118 port 17146 [preauth]
Jul 14 12:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 12:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Failed password for root from 174.138.29.13 port 51460 ssh2
Jul 14 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Received disconnect from 174.138.29.13 port 51460:11: Bye Bye [preauth]
Jul 14 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Disconnected from 174.138.29.13 port 51460 [preauth]
Jul 14 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: Invalid user devops from 14.103.105.254
Jul 14 12:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: input_userauth_request: invalid user devops [preauth]
Jul 14 12:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.254
Jul 14 12:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: Failed password for invalid user devops from 14.103.105.254 port 26590 ssh2
Jul 14 12:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: Received disconnect from 14.103.105.254 port 26590:11: Bye Bye [preauth]
Jul 14 12:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: Disconnected from 14.103.105.254 port 26590 [preauth]
Jul 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31272]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31270]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31339]: Successful su for rubyman by root
Jul 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31339]: + ??? root:rubyman
Jul 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784250 of user rubyman.
Jul 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31339]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784250.
Jul 14 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: Failed password for root from 185.93.89.118 port 42442 ssh2
Jul 14 12:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28307]: pam_unix(cron:session): session closed for user root
Jul 14 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: Connection closed by 185.93.89.118 port 42442 [preauth]
Jul 14 12:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31271]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: Failed password for root from 139.59.30.109 port 54326 ssh2
Jul 14 12:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: Received disconnect from 139.59.30.109 port 54326:11: Bye Bye [preauth]
Jul 14 12:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: Disconnected from 139.59.30.109 port 54326 [preauth]
Jul 14 12:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: Failed password for root from 185.121.0.25 port 48542 ssh2
Jul 14 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: Received disconnect from 185.121.0.25 port 48542:11: Bye Bye [preauth]
Jul 14 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: Disconnected from 185.121.0.25 port 48542 [preauth]
Jul 14 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31542]: Failed password for root from 185.93.89.118 port 31502 ssh2
Jul 14 12:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30306]: pam_unix(cron:session): session closed for user root
Jul 14 12:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31542]: Connection closed by 185.93.89.118 port 31502 [preauth]
Jul 14 12:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Failed password for root from 8.243.64.226 port 37734 ssh2
Jul 14 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Received disconnect from 8.243.64.226 port 37734:11: Bye Bye [preauth]
Jul 14 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Disconnected from 8.243.64.226 port 37734 [preauth]
Jul 14 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: Invalid user hadoop from 14.103.105.254
Jul 14 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: input_userauth_request: invalid user hadoop [preauth]
Jul 14 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.254
Jul 14 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: Failed password for invalid user hadoop from 14.103.105.254 port 12618 ssh2
Jul 14 12:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: Received disconnect from 14.103.105.254 port 12618:11: Bye Bye [preauth]
Jul 14 12:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: Disconnected from 14.103.105.254 port 12618 [preauth]
Jul 14 12:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: Invalid user admin from 78.128.112.74
Jul 14 12:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: input_userauth_request: invalid user admin [preauth]
Jul 14 12:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Jul 14 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: Failed password for invalid user admin from 78.128.112.74 port 57766 ssh2
Jul 14 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31720]: Connection closed by 78.128.112.74 port 57766 [preauth]
Jul 14 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Invalid user vhserver from 185.149.146.85
Jul 14 12:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: input_userauth_request: invalid user vhserver [preauth]
Jul 14 12:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 12:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Failed password for invalid user vhserver from 185.149.146.85 port 34334 ssh2
Jul 14 12:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Received disconnect from 185.149.146.85 port 34334:11: Bye Bye [preauth]
Jul 14 12:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Disconnected from 185.149.146.85 port 34334 [preauth]
Jul 14 12:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Failed password for root from 64.23.178.20 port 60180 ssh2
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Received disconnect from 64.23.178.20 port 60180:11: Bye Bye [preauth]
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Disconnected from 64.23.178.20 port 60180 [preauth]
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session closed for user root
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31749]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31826]: Successful su for rubyman by root
Jul 14 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31826]: + ??? root:rubyman
Jul 14 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784258 of user rubyman.
Jul 14 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31826]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784258.
Jul 14 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: Failed password for root from 185.93.89.118 port 17304 ssh2
Jul 14 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: Connection closed by 185.93.89.118 port 17304 [preauth]
Jul 14 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: Failed password for root from 174.138.29.13 port 52794 ssh2
Jul 14 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: Received disconnect from 174.138.29.13 port 52794:11: Bye Bye [preauth]
Jul 14 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: Disconnected from 174.138.29.13 port 52794 [preauth]
Jul 14 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31751]: pam_unix(cron:session): session closed for user root
Jul 14 12:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28760]: pam_unix(cron:session): session closed for user root
Jul 14 12:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31750]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32402]: Invalid user sumit from 14.103.105.254
Jul 14 12:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32402]: input_userauth_request: invalid user sumit [preauth]
Jul 14 12:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32402]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.254
Jul 14 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32402]: Failed password for invalid user sumit from 14.103.105.254 port 61876 ssh2
Jul 14 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32402]: Received disconnect from 14.103.105.254 port 61876:11: Bye Bye [preauth]
Jul 14 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32402]: Disconnected from 14.103.105.254 port 61876 [preauth]
Jul 14 12:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Failed password for root from 185.93.89.118 port 64524 ssh2
Jul 14 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: Failed password for root from 139.59.30.109 port 56192 ssh2
Jul 14 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Connection closed by 185.93.89.118 port 64524 [preauth]
Jul 14 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: Received disconnect from 139.59.30.109 port 56192:11: Bye Bye [preauth]
Jul 14 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: Disconnected from 139.59.30.109 port 56192 [preauth]
Jul 14 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30741]: pam_unix(cron:session): session closed for user root
Jul 14 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Invalid user telnet from 80.94.95.15
Jul 14 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: input_userauth_request: invalid user telnet [preauth]
Jul 14 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Failed password for invalid user telnet from 80.94.95.15 port 42830 ssh2
Jul 14 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Failed password for invalid user telnet from 80.94.95.15 port 42830 ssh2
Jul 14 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32483]: Invalid user root1 from 185.121.0.25
Jul 14 12:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32483]: input_userauth_request: invalid user root1 [preauth]
Jul 14 12:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32483]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25
Jul 14 12:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Failed password for invalid user telnet from 80.94.95.15 port 42830 ssh2
Jul 14 12:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32483]: Failed password for invalid user root1 from 185.121.0.25 port 55612 ssh2
Jul 14 12:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32483]: Received disconnect from 185.121.0.25 port 55612:11: Bye Bye [preauth]
Jul 14 12:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32483]: Disconnected from 185.121.0.25 port 55612 [preauth]
Jul 14 12:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Failed password for invalid user telnet from 80.94.95.15 port 42830 ssh2
Jul 14 12:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Failed password for invalid user telnet from 80.94.95.15 port 42830 ssh2
Jul 14 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: Invalid user casaos from 185.149.146.85
Jul 14 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: input_userauth_request: invalid user casaos [preauth]
Jul 14 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Received disconnect from 80.94.95.15 port 42830:11: Bye [preauth]
Jul 14 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Disconnected from 80.94.95.15 port 42830 [preauth]
Jul 14 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: Failed password for invalid user casaos from 185.149.146.85 port 53750 ssh2
Jul 14 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: Received disconnect from 185.149.146.85 port 53750:11: Bye Bye [preauth]
Jul 14 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: Disconnected from 185.149.146.85 port 53750 [preauth]
Jul 14 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32519]: Failed password for root from 8.243.64.226 port 43074 ssh2
Jul 14 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32519]: Received disconnect from 8.243.64.226 port 43074:11: Bye Bye [preauth]
Jul 14 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32519]: Disconnected from 8.243.64.226 port 43074 [preauth]
Jul 14 12:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: Failed password for root from 185.93.89.118 port 1538 ssh2
Jul 14 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32544]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: Connection closed by 185.93.89.118 port 1538 [preauth]
Jul 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32688]: Successful su for rubyman by root
Jul 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32688]: + ??? root:rubyman
Jul 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784261 of user rubyman.
Jul 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32688]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784261.
Jul 14 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29389]: pam_unix(cron:session): session closed for user root
Jul 14 12:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32545]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.29.13  user=root
Jul 14 12:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Failed password for root from 174.138.29.13 port 55918 ssh2
Jul 14 12:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Received disconnect from 174.138.29.13 port 55918:11: Bye Bye [preauth]
Jul 14 12:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Disconnected from 174.138.29.13 port 55918 [preauth]
Jul 14 12:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[493]: Failed password for root from 185.93.89.118 port 5062 ssh2
Jul 14 12:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[493]: Connection closed by 185.93.89.118 port 5062 [preauth]
Jul 14 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31273]: pam_unix(cron:session): session closed for user root
Jul 14 12:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: User mysql from 185.149.146.85 not allowed because not listed in AllowUsers
Jul 14 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: input_userauth_request: invalid user mysql [preauth]
Jul 14 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85  user=mysql
Jul 14 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: Failed password for invalid user mysql from 185.149.146.85 port 49678 ssh2
Jul 14 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: Received disconnect from 185.149.146.85 port 49678:11: Bye Bye [preauth]
Jul 14 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: Disconnected from 185.149.146.85 port 49678 [preauth]
Jul 14 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.30.109  user=root
Jul 14 12:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: Failed password for root from 139.59.30.109 port 55874 ssh2
Jul 14 12:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: Received disconnect from 139.59.30.109 port 55874:11: Bye Bye [preauth]
Jul 14 12:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: Disconnected from 139.59.30.109 port 55874 [preauth]
Jul 14 12:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Invalid user deploy from 14.103.105.254
Jul 14 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: input_userauth_request: invalid user deploy [preauth]
Jul 14 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.254
Jul 14 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[624]: Failed password for root from 185.93.89.118 port 13658 ssh2
Jul 14 12:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Failed password for invalid user deploy from 14.103.105.254 port 60162 ssh2
Jul 14 12:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[624]: Connection closed by 185.93.89.118 port 13658 [preauth]
Jul 14 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: Failed password for root from 185.121.0.25 port 60100 ssh2
Jul 14 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: Received disconnect from 185.121.0.25 port 60100:11: Bye Bye [preauth]
Jul 14 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: Disconnected from 185.121.0.25 port 60100 [preauth]
Jul 14 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Received disconnect from 14.103.105.254 port 60162:11: Bye Bye [preauth]
Jul 14 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Disconnected from 14.103.105.254 port 60162 [preauth]
Jul 14 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[714]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[710]: pam_unix(cron:session): session closed for user root
Jul 14 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[712]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[790]: Successful su for rubyman by root
Jul 14 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[790]: + ??? root:rubyman
Jul 14 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784266 of user rubyman.
Jul 14 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[790]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784266.
Jul 14 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29868]: pam_unix(cron:session): session closed for user root
Jul 14 12:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.64.226  user=root
Jul 14 12:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Failed password for root from 8.243.64.226 port 60748 ssh2
Jul 14 12:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Received disconnect from 8.243.64.226 port 60748:11: Bye Bye [preauth]
Jul 14 12:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Disconnected from 8.243.64.226 port 60748 [preauth]
Jul 14 12:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[713]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: Failed password for root from 185.93.89.118 port 46716 ssh2
Jul 14 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: Connection closed by 185.93.89.118 port 46716 [preauth]
Jul 14 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31754]: pam_unix(cron:session): session closed for user root
Jul 14 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Invalid user deploy from 185.149.146.85
Jul 14 12:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: input_userauth_request: invalid user deploy [preauth]
Jul 14 12:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 12:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Failed password for invalid user deploy from 185.149.146.85 port 47686 ssh2
Jul 14 12:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Received disconnect from 185.149.146.85 port 47686:11: Bye Bye [preauth]
Jul 14 12:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Disconnected from 185.149.146.85 port 47686 [preauth]
Jul 14 12:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Failed password for root from 185.93.89.118 port 43014 ssh2
Jul 14 12:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Connection closed by 185.93.89.118 port 43014 [preauth]
Jul 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1243]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1321]: Successful su for rubyman by root
Jul 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1321]: + ??? root:rubyman
Jul 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784270 of user rubyman.
Jul 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1321]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784270.
Jul 14 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30305]: pam_unix(cron:session): session closed for user root
Jul 14 12:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1244]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: Failed password for root from 185.121.0.25 port 41384 ssh2
Jul 14 12:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: Received disconnect from 185.121.0.25 port 41384:11: Bye Bye [preauth]
Jul 14 12:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: Disconnected from 185.121.0.25 port 41384 [preauth]
Jul 14 12:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Failed password for root from 185.93.89.118 port 56502 ssh2
Jul 14 12:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Connection closed by 185.93.89.118 port 56502 [preauth]
Jul 14 12:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32548]: pam_unix(cron:session): session closed for user root
Jul 14 12:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: Invalid user vitor from 185.149.146.85
Jul 14 12:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: input_userauth_request: invalid user vitor [preauth]
Jul 14 12:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 12:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: Failed password for invalid user vitor from 185.149.146.85 port 45320 ssh2
Jul 14 12:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: Received disconnect from 185.149.146.85 port 45320:11: Bye Bye [preauth]
Jul 14 12:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: Disconnected from 185.149.146.85 port 45320 [preauth]
Jul 14 12:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Failed password for root from 185.93.89.118 port 47484 ssh2
Jul 14 12:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Connection closed by 185.93.89.118 port 47484 [preauth]
Jul 14 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1792]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1788]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1856]: Successful su for rubyman by root
Jul 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1856]: + ??? root:rubyman
Jul 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784274 of user rubyman.
Jul 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1856]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784274.
Jul 14 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: Failed password for root from 64.23.178.20 port 56802 ssh2
Jul 14 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: Received disconnect from 64.23.178.20 port 56802:11: Bye Bye [preauth]
Jul 14 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: Disconnected from 64.23.178.20 port 56802 [preauth]
Jul 14 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30740]: pam_unix(cron:session): session closed for user root
Jul 14 12:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1789]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Failed password for root from 185.93.89.118 port 19312 ssh2
Jul 14 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Connection closed by 185.93.89.118 port 19312 [preauth]
Jul 14 12:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[715]: pam_unix(cron:session): session closed for user root
Jul 14 12:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.25  user=root
Jul 14 12:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Failed password for root from 185.121.0.25 port 34462 ssh2
Jul 14 12:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Received disconnect from 185.121.0.25 port 34462:11: Bye Bye [preauth]
Jul 14 12:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Disconnected from 185.121.0.25 port 34462 [preauth]
Jul 14 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
Jul 14 12:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2218]: Failed password for root from 185.93.89.118 port 19332 ssh2
Jul 14 12:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2218]: Connection closed by 185.93.89.118 port 19332 [preauth]
Jul 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2313]: pam_unix(cron:session): session closed for user root
Jul 14 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2308]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2393]: Successful su for rubyman by root
Jul 14 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2393]: + ??? root:rubyman
Jul 14 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784278 of user rubyman.
Jul 14 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2393]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784278.
Jul 14 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31272]: pam_unix(cron:session): session closed for user root
Jul 14 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2310]: pam_unix(cron:session): session closed for user root
Jul 14 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2309]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Invalid user azureuser from 185.149.146.85
Jul 14 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: input_userauth_request: invalid user azureuser [preauth]
Jul 14 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.149.146.85
Jul 14 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Failed password for invalid user azureuser from 185.149.146.85 port 52234 ssh2
Jul 14 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Received disconnect from 185.149.146.85 port 52234:11: Bye Bye [preauth]
Jul 14 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Disconnected from 185.149.146.85 port 52234 [preauth]
Jul 14 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1247]: pam_unix(cron:session): session closed for user root
Jul 14 12:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2812]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2889]: Successful su for rubyman by root
Jul 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2889]: + ??? root:rubyman
Jul 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784283 of user rubyman.
Jul 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2889]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784283.
Jul 14 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: Failed password for root from 64.23.178.20 port 46446 ssh2
Jul 14 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: Received disconnect from 64.23.178.20 port 46446:11: Bye Bye [preauth]
Jul 14 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: Disconnected from 64.23.178.20 port 46446 [preauth]
Jul 14 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Jul 14 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31752]: pam_unix(cron:session): session closed for user root
Jul 14 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2813]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: Failed password for root from 164.68.105.9 port 43718 ssh2
Jul 14 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: Connection closed by 164.68.105.9 port 43718 [preauth]
Jul 14 12:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1792]: pam_unix(cron:session): session closed for user root
Jul 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3264]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3332]: Successful su for rubyman by root
Jul 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3332]: + ??? root:rubyman
Jul 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784287 of user rubyman.
Jul 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3332]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784287.
Jul 14 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32547]: pam_unix(cron:session): session closed for user root
Jul 14 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3265]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session closed for user root
Jul 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3811]: Successful su for rubyman by root
Jul 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3811]: + ??? root:rubyman
Jul 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784291 of user rubyman.
Jul 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3811]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784291.
Jul 14 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3832]: Failed password for root from 64.23.178.20 port 34722 ssh2
Jul 14 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3832]: Received disconnect from 64.23.178.20 port 34722:11: Bye Bye [preauth]
Jul 14 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3832]: Disconnected from 64.23.178.20 port 34722 [preauth]
Jul 14 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[714]: pam_unix(cron:session): session closed for user root
Jul 14 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3740]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2815]: pam_unix(cron:session): session closed for user root
Jul 14 12:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 12:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Failed password for root from 102.210.80.6 port 42551 ssh2
Jul 14 12:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Received disconnect from 102.210.80.6 port 42551:11: Bye Bye [preauth]
Jul 14 12:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Disconnected from 102.210.80.6 port 42551 [preauth]
Jul 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4203]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4423]: Successful su for rubyman by root
Jul 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4423]: + ??? root:rubyman
Jul 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784295 of user rubyman.
Jul 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4423]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784295.
Jul 14 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1246]: pam_unix(cron:session): session closed for user root
Jul 14 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3267]: pam_unix(cron:session): session closed for user root
Jul 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4916]: pam_unix(cron:session): session closed for user root
Jul 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4907]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5191]: Successful su for rubyman by root
Jul 14 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5191]: + ??? root:rubyman
Jul 14 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784303 of user rubyman.
Jul 14 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5191]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784303.
Jul 14 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: Failed password for root from 64.23.178.20 port 42556 ssh2
Jul 14 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: Received disconnect from 64.23.178.20 port 42556:11: Bye Bye [preauth]
Jul 14 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: Disconnected from 64.23.178.20 port 42556 [preauth]
Jul 14 12:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1791]: pam_unix(cron:session): session closed for user root
Jul 14 12:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session closed for user root
Jul 14 12:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4911]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3742]: pam_unix(cron:session): session closed for user root
Jul 14 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5650]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5646]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5729]: Successful su for rubyman by root
Jul 14 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5729]: + ??? root:rubyman
Jul 14 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784305 of user rubyman.
Jul 14 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5729]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784305.
Jul 14 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2311]: pam_unix(cron:session): session closed for user root
Jul 14 12:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5649]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session closed for user root
Jul 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6199]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6270]: Successful su for rubyman by root
Jul 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6270]: + ??? root:rubyman
Jul 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784309 of user rubyman.
Jul 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6270]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784309.
Jul 14 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2814]: pam_unix(cron:session): session closed for user root
Jul 14 12:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6200]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Failed password for root from 64.23.178.20 port 38378 ssh2
Jul 14 12:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Received disconnect from 64.23.178.20 port 38378:11: Bye Bye [preauth]
Jul 14 12:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Disconnected from 64.23.178.20 port 38378 [preauth]
Jul 14 12:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4915]: pam_unix(cron:session): session closed for user root
Jul 14 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6697]: Successful su for rubyman by root
Jul 14 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6697]: + ??? root:rubyman
Jul 14 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784314 of user rubyman.
Jul 14 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6697]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784314.
Jul 14 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3266]: pam_unix(cron:session): session closed for user root
Jul 14 12:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6619]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5653]: pam_unix(cron:session): session closed for user root
Jul 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7164]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7161]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7235]: Successful su for rubyman by root
Jul 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7235]: + ??? root:rubyman
Jul 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784318 of user rubyman.
Jul 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7235]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784318.
Jul 14 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3741]: pam_unix(cron:session): session closed for user root
Jul 14 12:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7162]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7426]: Failed password for root from 64.23.178.20 port 42610 ssh2
Jul 14 12:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7426]: Received disconnect from 64.23.178.20 port 42610:11: Bye Bye [preauth]
Jul 14 12:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7426]: Disconnected from 64.23.178.20 port 42610 [preauth]
Jul 14 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6203]: pam_unix(cron:session): session closed for user root
Jul 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7694]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7693]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7699]: pam_unix(cron:session): session closed for user root
Jul 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7692]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7781]: Successful su for rubyman by root
Jul 14 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7781]: + ??? root:rubyman
Jul 14 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784321 of user rubyman.
Jul 14 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7781]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784321.
Jul 14 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7694]: pam_unix(cron:session): session closed for user root
Jul 14 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session closed for user root
Jul 14 12:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7693]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6621]: pam_unix(cron:session): session closed for user root
Jul 14 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8293]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8292]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8290]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8363]: Successful su for rubyman by root
Jul 14 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8363]: + ??? root:rubyman
Jul 14 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784327 of user rubyman.
Jul 14 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8363]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784327.
Jul 14 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session closed for user root
Jul 14 12:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8291]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 12:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: Failed password for root from 102.210.80.6 port 59310 ssh2
Jul 14 12:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: Received disconnect from 102.210.80.6 port 59310:11: Bye Bye [preauth]
Jul 14 12:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: Disconnected from 102.210.80.6 port 59310 [preauth]
Jul 14 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7164]: pam_unix(cron:session): session closed for user root
Jul 14 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8787]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8852]: Successful su for rubyman by root
Jul 14 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8852]: + ??? root:rubyman
Jul 14 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784333 of user rubyman.
Jul 14 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8852]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784333.
Jul 14 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5650]: pam_unix(cron:session): session closed for user root
Jul 14 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7698]: pam_unix(cron:session): session closed for user root
Jul 14 12:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151  user=root
Jul 14 12:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Failed password for root from 83.227.192.151 port 54974 ssh2
Jul 14 12:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: message repeated 5 times: [ Failed password for root from 83.227.192.151 port 54974 ssh2]
Jul 14 12:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: error: maximum authentication attempts exceeded for root from 83.227.192.151 port 54974 ssh2 [preauth]
Jul 14 12:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151  user=root
Jul 14 12:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151  user=root
Jul 14 12:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Failed password for root from 83.227.192.151 port 57962 ssh2
Jul 14 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Failed password for root from 83.227.192.151 port 57962 ssh2
Jul 14 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9337]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9404]: Successful su for rubyman by root
Jul 14 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9404]: + ??? root:rubyman
Jul 14 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784335 of user rubyman.
Jul 14 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9404]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784335.
Jul 14 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Failed password for root from 83.227.192.151 port 57962 ssh2
Jul 14 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6201]: pam_unix(cron:session): session closed for user root
Jul 14 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Failed password for root from 83.227.192.151 port 57962 ssh2
Jul 14 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: Failed password for root from 64.23.178.20 port 56598 ssh2
Jul 14 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: Received disconnect from 64.23.178.20 port 56598:11: Bye Bye [preauth]
Jul 14 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: Disconnected from 64.23.178.20 port 56598 [preauth]
Jul 14 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9338]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Failed password for root from 83.227.192.151 port 57962 ssh2
Jul 14 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Failed password for root from 83.227.192.151 port 57962 ssh2
Jul 14 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: error: maximum authentication attempts exceeded for root from 83.227.192.151 port 57962 ssh2 [preauth]
Jul 14 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151  user=root
Jul 14 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151  user=root
Jul 14 12:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Failed password for root from 83.227.192.151 port 60658 ssh2
Jul 14 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: message repeated 5 times: [ Failed password for root from 83.227.192.151 port 60658 ssh2]
Jul 14 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: error: maximum authentication attempts exceeded for root from 83.227.192.151 port 60658 ssh2 [preauth]
Jul 14 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151  user=root
Jul 14 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151  user=root
Jul 14 12:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Failed password for root from 83.227.192.151 port 35254 ssh2
Jul 14 12:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Received disconnect from 83.227.192.151 port 35254:11: disconnected by user [preauth]
Jul 14 12:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Disconnected from 83.227.192.151 port 35254 [preauth]
Jul 14 12:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Invalid user admin from 83.227.192.151
Jul 14 12:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: input_userauth_request: invalid user admin [preauth]
Jul 14 12:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8293]: pam_unix(cron:session): session closed for user root
Jul 14 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for invalid user admin from 83.227.192.151 port 35988 ssh2
Jul 14 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for invalid user admin from 83.227.192.151 port 35988 ssh2
Jul 14 12:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for invalid user admin from 83.227.192.151 port 35988 ssh2
Jul 14 12:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for invalid user admin from 83.227.192.151 port 35988 ssh2
Jul 14 12:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for invalid user admin from 83.227.192.151 port 35988 ssh2
Jul 14 12:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for invalid user admin from 83.227.192.151 port 35988 ssh2
Jul 14 12:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: error: maximum authentication attempts exceeded for invalid user admin from 83.227.192.151 port 35988 ssh2 [preauth]
Jul 14 12:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Invalid user admin from 83.227.192.151
Jul 14 12:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: input_userauth_request: invalid user admin [preauth]
Jul 14 12:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Failed password for invalid user admin from 83.227.192.151 port 38428 ssh2
Jul 14 12:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Failed password for invalid user admin from 83.227.192.151 port 38428 ssh2
Jul 14 12:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Failed password for invalid user admin from 83.227.192.151 port 38428 ssh2
Jul 14 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Failed password for invalid user admin from 83.227.192.151 port 38428 ssh2
Jul 14 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Failed password for invalid user admin from 83.227.192.151 port 38428 ssh2
Jul 14 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Failed password for invalid user admin from 83.227.192.151 port 38428 ssh2
Jul 14 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: error: maximum authentication attempts exceeded for invalid user admin from 83.227.192.151 port 38428 ssh2 [preauth]
Jul 14 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Invalid user admin from 83.227.192.151
Jul 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: input_userauth_request: invalid user admin [preauth]
Jul 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9770]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9841]: Successful su for rubyman by root
Jul 14 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9841]: + ??? root:rubyman
Jul 14 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784340 of user rubyman.
Jul 14 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9841]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784340.
Jul 14 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Failed password for invalid user admin from 83.227.192.151 port 40930 ssh2
Jul 14 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Failed password for invalid user admin from 83.227.192.151 port 40930 ssh2
Jul 14 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session closed for user root
Jul 14 12:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Failed password for invalid user admin from 83.227.192.151 port 40930 ssh2
Jul 14 12:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9771]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Failed password for invalid user admin from 83.227.192.151 port 40930 ssh2
Jul 14 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Received disconnect from 83.227.192.151 port 40930:11: disconnected by user [preauth]
Jul 14 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Disconnected from 83.227.192.151 port 40930 [preauth]
Jul 14 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: PAM service(sshd) ignoring max retries; 4 > 3
Jul 14 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: Invalid user oracle from 83.227.192.151
Jul 14 12:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: input_userauth_request: invalid user oracle [preauth]
Jul 14 12:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: Failed password for invalid user oracle from 83.227.192.151 port 42608 ssh2
Jul 14 12:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: Failed password for invalid user oracle from 83.227.192.151 port 42608 ssh2
Jul 14 12:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: Failed password for invalid user oracle from 83.227.192.151 port 42608 ssh2
Jul 14 12:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: Failed password for invalid user oracle from 83.227.192.151 port 42608 ssh2
Jul 14 12:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: Failed password for invalid user oracle from 83.227.192.151 port 42608 ssh2
Jul 14 12:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: Failed password for invalid user oracle from 83.227.192.151 port 42608 ssh2
Jul 14 12:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: error: maximum authentication attempts exceeded for invalid user oracle from 83.227.192.151 port 42608 ssh2 [preauth]
Jul 14 12:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10033]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Invalid user oracle from 83.227.192.151
Jul 14 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: input_userauth_request: invalid user oracle [preauth]
Jul 14 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Failed password for invalid user oracle from 83.227.192.151 port 44900 ssh2
Jul 14 12:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Failed password for invalid user oracle from 83.227.192.151 port 44900 ssh2
Jul 14 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Failed password for invalid user oracle from 83.227.192.151 port 44900 ssh2
Jul 14 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Failed password for invalid user oracle from 83.227.192.151 port 44900 ssh2
Jul 14 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session closed for user root
Jul 14 12:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Failed password for invalid user oracle from 83.227.192.151 port 44900 ssh2
Jul 14 12:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Failed password for invalid user oracle from 83.227.192.151 port 44900 ssh2
Jul 14 12:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: error: maximum authentication attempts exceeded for invalid user oracle from 83.227.192.151 port 44900 ssh2 [preauth]
Jul 14 12:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10136]: Invalid user oracle from 83.227.192.151
Jul 14 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10136]: input_userauth_request: invalid user oracle [preauth]
Jul 14 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10136]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10136]: Failed password for invalid user oracle from 83.227.192.151 port 47494 ssh2
Jul 14 12:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10136]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10136]: Failed password for invalid user oracle from 83.227.192.151 port 47494 ssh2
Jul 14 12:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10136]: Received disconnect from 83.227.192.151 port 47494:11: disconnected by user [preauth]
Jul 14 12:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10136]: Disconnected from 83.227.192.151 port 47494 [preauth]
Jul 14 12:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10136]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Invalid user usuario from 83.227.192.151
Jul 14 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: input_userauth_request: invalid user usuario [preauth]
Jul 14 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user usuario from 83.227.192.151 port 48482 ssh2
Jul 14 12:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user usuario from 83.227.192.151 port 48482 ssh2
Jul 14 12:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user usuario from 83.227.192.151 port 48482 ssh2
Jul 14 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user usuario from 83.227.192.151 port 48482 ssh2
Jul 14 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user usuario from 83.227.192.151 port 48482 ssh2
Jul 14 12:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user usuario from 83.227.192.151 port 48482 ssh2
Jul 14 12:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: error: maximum authentication attempts exceeded for invalid user usuario from 83.227.192.151 port 48482 ssh2 [preauth]
Jul 14 12:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Invalid user usuario from 83.227.192.151
Jul 14 12:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: input_userauth_request: invalid user usuario [preauth]
Jul 14 12:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Failed password for invalid user usuario from 83.227.192.151 port 50882 ssh2
Jul 14 12:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session closed for user root
Jul 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10192]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10353]: Successful su for rubyman by root
Jul 14 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10353]: + ??? root:rubyman
Jul 14 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784345 of user rubyman.
Jul 14 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10353]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784345.
Jul 14 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Failed password for invalid user usuario from 83.227.192.151 port 50882 ssh2
Jul 14 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Failed password for invalid user usuario from 83.227.192.151 port 50882 ssh2
Jul 14 12:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7163]: pam_unix(cron:session): session closed for user root
Jul 14 12:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10194]: pam_unix(cron:session): session closed for user root
Jul 14 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Failed password for invalid user usuario from 83.227.192.151 port 50882 ssh2
Jul 14 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Failed password for invalid user usuario from 83.227.192.151 port 50882 ssh2
Jul 14 12:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10193]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Failed password for invalid user usuario from 83.227.192.151 port 50882 ssh2
Jul 14 12:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: error: maximum authentication attempts exceeded for invalid user usuario from 83.227.192.151 port 50882 ssh2 [preauth]
Jul 14 12:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: Invalid user usuario from 83.227.192.151
Jul 14 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: input_userauth_request: invalid user usuario [preauth]
Jul 14 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: Failed password for invalid user usuario from 83.227.192.151 port 53316 ssh2
Jul 14 12:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: Failed password for invalid user usuario from 83.227.192.151 port 53316 ssh2
Jul 14 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: Received disconnect from 83.227.192.151 port 53316:11: disconnected by user [preauth]
Jul 14 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: Disconnected from 83.227.192.151 port 53316 [preauth]
Jul 14 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Invalid user test from 83.227.192.151
Jul 14 12:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: input_userauth_request: invalid user test [preauth]
Jul 14 12:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Failed password for invalid user test from 83.227.192.151 port 54184 ssh2
Jul 14 12:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Failed password for invalid user test from 83.227.192.151 port 54184 ssh2
Jul 14 12:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Failed password for invalid user test from 83.227.192.151 port 54184 ssh2
Jul 14 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Failed password for invalid user test from 83.227.192.151 port 54184 ssh2
Jul 14 12:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Failed password for invalid user test from 83.227.192.151 port 54184 ssh2
Jul 14 12:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Failed password for invalid user test from 83.227.192.151 port 54184 ssh2
Jul 14 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: error: maximum authentication attempts exceeded for invalid user test from 83.227.192.151 port 54184 ssh2 [preauth]
Jul 14 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Invalid user test from 83.227.192.151
Jul 14 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: input_userauth_request: invalid user test [preauth]
Jul 14 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Failed password for invalid user test from 83.227.192.151 port 56374 ssh2
Jul 14 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Failed password for invalid user test from 83.227.192.151 port 56374 ssh2
Jul 14 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9341]: pam_unix(cron:session): session closed for user root
Jul 14 12:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Failed password for invalid user test from 83.227.192.151 port 56374 ssh2
Jul 14 12:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Failed password for invalid user test from 83.227.192.151 port 56374 ssh2
Jul 14 12:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Failed password for invalid user test from 83.227.192.151 port 56374 ssh2
Jul 14 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Failed password for invalid user test from 83.227.192.151 port 56374 ssh2
Jul 14 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: error: maximum authentication attempts exceeded for invalid user test from 83.227.192.151 port 56374 ssh2 [preauth]
Jul 14 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10766]: Invalid user test from 83.227.192.151
Jul 14 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10766]: input_userauth_request: invalid user test [preauth]
Jul 14 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10766]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10766]: Failed password for invalid user test from 83.227.192.151 port 58498 ssh2
Jul 14 12:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10766]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10766]: Failed password for invalid user test from 83.227.192.151 port 58498 ssh2
Jul 14 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10766]: Received disconnect from 83.227.192.151 port 58498:11: disconnected by user [preauth]
Jul 14 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10766]: Disconnected from 83.227.192.151 port 58498 [preauth]
Jul 14 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10766]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: Invalid user user from 83.227.192.151
Jul 14 12:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: input_userauth_request: invalid user user [preauth]
Jul 14 12:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: Failed password for invalid user user from 83.227.192.151 port 59284 ssh2
Jul 14 12:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: Failed password for invalid user user from 83.227.192.151 port 59284 ssh2
Jul 14 12:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: Failed password for invalid user user from 83.227.192.151 port 59284 ssh2
Jul 14 12:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: Failed password for invalid user user from 83.227.192.151 port 59284 ssh2
Jul 14 12:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: Failed password for invalid user user from 83.227.192.151 port 59284 ssh2
Jul 14 12:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: Failed password for invalid user user from 83.227.192.151 port 59284 ssh2
Jul 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: error: maximum authentication attempts exceeded for invalid user user from 83.227.192.151 port 59284 ssh2 [preauth]
Jul 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10788]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10823]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10889]: Successful su for rubyman by root
Jul 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10889]: + ??? root:rubyman
Jul 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784349 of user rubyman.
Jul 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10889]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784349.
Jul 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Invalid user user from 83.227.192.151
Jul 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: input_userauth_request: invalid user user [preauth]
Jul 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Failed password for invalid user user from 83.227.192.151 port 33174 ssh2
Jul 14 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7697]: pam_unix(cron:session): session closed for user root
Jul 14 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Failed password for invalid user user from 83.227.192.151 port 33174 ssh2
Jul 14 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10824]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Failed password for invalid user user from 83.227.192.151 port 33174 ssh2
Jul 14 12:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Failed password for invalid user user from 83.227.192.151 port 33174 ssh2
Jul 14 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Failed password for invalid user user from 83.227.192.151 port 33174 ssh2
Jul 14 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Failed password for invalid user user from 83.227.192.151 port 33174 ssh2
Jul 14 12:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: error: maximum authentication attempts exceeded for invalid user user from 83.227.192.151 port 33174 ssh2 [preauth]
Jul 14 12:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Invalid user user from 83.227.192.151
Jul 14 12:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: input_userauth_request: invalid user user [preauth]
Jul 14 12:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Failed password for invalid user user from 83.227.192.151 port 35274 ssh2
Jul 14 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Failed password for invalid user user from 83.227.192.151 port 35274 ssh2
Jul 14 12:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Failed password for invalid user user from 83.227.192.151 port 35274 ssh2
Jul 14 12:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Failed password for invalid user user from 83.227.192.151 port 35274 ssh2
Jul 14 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Received disconnect from 83.227.192.151 port 35274:11: disconnected by user [preauth]
Jul 14 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Disconnected from 83.227.192.151 port 35274 [preauth]
Jul 14 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: PAM service(sshd) ignoring max retries; 4 > 3
Jul 14 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: Invalid user ftpuser from 83.227.192.151
Jul 14 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: input_userauth_request: invalid user ftpuser [preauth]
Jul 14 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: Failed password for invalid user ftpuser from 83.227.192.151 port 37056 ssh2
Jul 14 12:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: Failed password for invalid user ftpuser from 83.227.192.151 port 37056 ssh2
Jul 14 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: Failed password for invalid user ftpuser from 83.227.192.151 port 37056 ssh2
Jul 14 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9773]: pam_unix(cron:session): session closed for user root
Jul 14 12:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: Failed password for invalid user ftpuser from 83.227.192.151 port 37056 ssh2
Jul 14 12:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: Failed password for invalid user ftpuser from 83.227.192.151 port 37056 ssh2
Jul 14 12:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: Failed password for invalid user ftpuser from 83.227.192.151 port 37056 ssh2
Jul 14 12:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: error: maximum authentication attempts exceeded for invalid user ftpuser from 83.227.192.151 port 37056 ssh2 [preauth]
Jul 14 12:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Invalid user ftpuser from 83.227.192.151
Jul 14 12:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: input_userauth_request: invalid user ftpuser [preauth]
Jul 14 12:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Failed password for invalid user ftpuser from 83.227.192.151 port 39240 ssh2
Jul 14 12:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Failed password for invalid user ftpuser from 83.227.192.151 port 39240 ssh2
Jul 14 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Failed password for invalid user ftpuser from 83.227.192.151 port 39240 ssh2
Jul 14 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Failed password for invalid user ftpuser from 83.227.192.151 port 39240 ssh2
Jul 14 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Failed password for invalid user ftpuser from 83.227.192.151 port 39240 ssh2
Jul 14 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Failed password for invalid user ftpuser from 83.227.192.151 port 39240 ssh2
Jul 14 12:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: error: maximum authentication attempts exceeded for invalid user ftpuser from 83.227.192.151 port 39240 ssh2 [preauth]
Jul 14 12:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: Invalid user ftpuser from 83.227.192.151
Jul 14 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: input_userauth_request: invalid user ftpuser [preauth]
Jul 14 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: Failed password for invalid user ftpuser from 83.227.192.151 port 41508 ssh2
Jul 14 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: Failed password for invalid user ftpuser from 83.227.192.151 port 41508 ssh2
Jul 14 12:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: Failed password for invalid user ftpuser from 83.227.192.151 port 41508 ssh2
Jul 14 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11238]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11303]: Successful su for rubyman by root
Jul 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11303]: + ??? root:rubyman
Jul 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784354 of user rubyman.
Jul 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11303]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784354.
Jul 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: Failed password for invalid user ftpuser from 83.227.192.151 port 41508 ssh2
Jul 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: Received disconnect from 83.227.192.151 port 41508:11: disconnected by user [preauth]
Jul 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: Disconnected from 83.227.192.151 port 41508 [preauth]
Jul 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: PAM service(sshd) ignoring max retries; 4 > 3
Jul 14 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Invalid user test1 from 83.227.192.151
Jul 14 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: input_userauth_request: invalid user test1 [preauth]
Jul 14 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8292]: pam_unix(cron:session): session closed for user root
Jul 14 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for invalid user test1 from 83.227.192.151 port 42972 ssh2
Jul 14 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.178.20  user=root
Jul 14 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11239]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11473]: Failed password for root from 64.23.178.20 port 56976 ssh2
Jul 14 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11473]: Received disconnect from 64.23.178.20 port 56976:11: Bye Bye [preauth]
Jul 14 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11473]: Disconnected from 64.23.178.20 port 56976 [preauth]
Jul 14 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for invalid user test1 from 83.227.192.151 port 42972 ssh2
Jul 14 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for invalid user test1 from 83.227.192.151 port 42972 ssh2
Jul 14 12:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for invalid user test1 from 83.227.192.151 port 42972 ssh2
Jul 14 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for invalid user test1 from 83.227.192.151 port 42972 ssh2
Jul 14 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for invalid user test1 from 83.227.192.151 port 42972 ssh2
Jul 14 12:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: error: maximum authentication attempts exceeded for invalid user test1 from 83.227.192.151 port 42972 ssh2 [preauth]
Jul 14 12:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Invalid user test1 from 83.227.192.151
Jul 14 12:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: input_userauth_request: invalid user test1 [preauth]
Jul 14 12:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Failed password for invalid user test1 from 83.227.192.151 port 45354 ssh2
Jul 14 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Failed password for invalid user test1 from 83.227.192.151 port 45354 ssh2
Jul 14 12:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Failed password for invalid user test1 from 83.227.192.151 port 45354 ssh2
Jul 14 12:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Failed password for invalid user test1 from 83.227.192.151 port 45354 ssh2
Jul 14 12:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Failed password for invalid user test1 from 83.227.192.151 port 45354 ssh2
Jul 14 12:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Failed password for invalid user test1 from 83.227.192.151 port 45354 ssh2
Jul 14 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: error: maximum authentication attempts exceeded for invalid user test1 from 83.227.192.151 port 45354 ssh2 [preauth]
Jul 14 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: Invalid user test1 from 83.227.192.151
Jul 14 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: input_userauth_request: invalid user test1 [preauth]
Jul 14 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: Failed password for invalid user test1 from 83.227.192.151 port 47584 ssh2
Jul 14 12:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10196]: pam_unix(cron:session): session closed for user root
Jul 14 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: Failed password for invalid user test1 from 83.227.192.151 port 47584 ssh2
Jul 14 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: Received disconnect from 83.227.192.151 port 47584:11: disconnected by user [preauth]
Jul 14 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: Disconnected from 83.227.192.151 port 47584 [preauth]
Jul 14 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Invalid user test2 from 83.227.192.151
Jul 14 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: input_userauth_request: invalid user test2 [preauth]
Jul 14 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Failed password for invalid user test2 from 83.227.192.151 port 48572 ssh2
Jul 14 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Failed password for invalid user test2 from 83.227.192.151 port 48572 ssh2
Jul 14 12:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Failed password for invalid user test2 from 83.227.192.151 port 48572 ssh2
Jul 14 12:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Failed password for invalid user test2 from 83.227.192.151 port 48572 ssh2
Jul 14 12:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Failed password for invalid user test2 from 83.227.192.151 port 48572 ssh2
Jul 14 12:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Failed password for invalid user test2 from 83.227.192.151 port 48572 ssh2
Jul 14 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: error: maximum authentication attempts exceeded for invalid user test2 from 83.227.192.151 port 48572 ssh2 [preauth]
Jul 14 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Invalid user test2 from 83.227.192.151
Jul 14 12:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: input_userauth_request: invalid user test2 [preauth]
Jul 14 12:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Failed password for invalid user test2 from 83.227.192.151 port 50908 ssh2
Jul 14 12:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Failed password for invalid user test2 from 83.227.192.151 port 50908 ssh2
Jul 14 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Failed password for invalid user test2 from 83.227.192.151 port 50908 ssh2
Jul 14 12:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11659]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11657]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11721]: Successful su for rubyman by root
Jul 14 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11721]: + ??? root:rubyman
Jul 14 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784358 of user rubyman.
Jul 14 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11721]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784358.
Jul 14 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Failed password for invalid user test2 from 83.227.192.151 port 50908 ssh2
Jul 14 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Failed password for invalid user test2 from 83.227.192.151 port 50908 ssh2
Jul 14 12:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session closed for user root
Jul 14 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Failed password for invalid user test2 from 83.227.192.151 port 50908 ssh2
Jul 14 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: error: maximum authentication attempts exceeded for invalid user test2 from 83.227.192.151 port 50908 ssh2 [preauth]
Jul 14 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11658]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: Invalid user test2 from 83.227.192.151
Jul 14 12:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: input_userauth_request: invalid user test2 [preauth]
Jul 14 12:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: Failed password for invalid user test2 from 83.227.192.151 port 53464 ssh2
Jul 14 12:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: Failed password for invalid user test2 from 83.227.192.151 port 53464 ssh2
Jul 14 12:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: Received disconnect from 83.227.192.151 port 53464:11: disconnected by user [preauth]
Jul 14 12:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: Disconnected from 83.227.192.151 port 53464 [preauth]
Jul 14 12:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Invalid user ubuntu from 83.227.192.151
Jul 14 12:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: input_userauth_request: invalid user ubuntu [preauth]
Jul 14 12:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Failed password for invalid user ubuntu from 83.227.192.151 port 54568 ssh2
Jul 14 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Failed password for invalid user ubuntu from 83.227.192.151 port 54568 ssh2
Jul 14 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Failed password for invalid user ubuntu from 83.227.192.151 port 54568 ssh2
Jul 14 12:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Failed password for invalid user ubuntu from 83.227.192.151 port 54568 ssh2
Jul 14 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Failed password for invalid user ubuntu from 83.227.192.151 port 54568 ssh2
Jul 14 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Failed password for invalid user ubuntu from 83.227.192.151 port 54568 ssh2
Jul 14 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: error: maximum authentication attempts exceeded for invalid user ubuntu from 83.227.192.151 port 54568 ssh2 [preauth]
Jul 14 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Invalid user ubuntu from 83.227.192.151
Jul 14 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: input_userauth_request: invalid user ubuntu [preauth]
Jul 14 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Failed password for invalid user ubuntu from 83.227.192.151 port 56998 ssh2
Jul 14 12:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10826]: pam_unix(cron:session): session closed for user root
Jul 14 12:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Failed password for invalid user ubuntu from 83.227.192.151 port 56998 ssh2
Jul 14 12:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Failed password for invalid user ubuntu from 83.227.192.151 port 56998 ssh2
Jul 14 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Failed password for invalid user ubuntu from 83.227.192.151 port 56998 ssh2
Jul 14 12:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Failed password for invalid user ubuntu from 83.227.192.151 port 56998 ssh2
Jul 14 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Failed password for invalid user ubuntu from 83.227.192.151 port 56998 ssh2
Jul 14 12:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: error: maximum authentication attempts exceeded for invalid user ubuntu from 83.227.192.151 port 56998 ssh2 [preauth]
Jul 14 12:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Disconnecting: Too many authentication failures [preauth]
Jul 14 12:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: PAM service(sshd) ignoring max retries; 6 > 3
Jul 14 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: Invalid user ubuntu from 83.227.192.151
Jul 14 12:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: input_userauth_request: invalid user ubuntu [preauth]
Jul 14 12:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: Failed password for invalid user ubuntu from 83.227.192.151 port 59560 ssh2
Jul 14 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: Failed password for invalid user ubuntu from 83.227.192.151 port 59560 ssh2
Jul 14 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: Failed password for invalid user ubuntu from 83.227.192.151 port 59560 ssh2
Jul 14 12:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: Failed password for invalid user ubuntu from 83.227.192.151 port 59560 ssh2
Jul 14 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: Received disconnect from 83.227.192.151 port 59560:11: disconnected by user [preauth]
Jul 14 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: Disconnected from 83.227.192.151 port 59560 [preauth]
Jul 14 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: PAM service(sshd) ignoring max retries; 4 > 3
Jul 14 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: Invalid user pi from 83.227.192.151
Jul 14 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: input_userauth_request: invalid user pi [preauth]
Jul 14 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: Failed password for invalid user pi from 83.227.192.151 port 33024 ssh2
Jul 14 12:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: Failed password for invalid user pi from 83.227.192.151 port 33024 ssh2
Jul 14 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12094]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12237]: Successful su for rubyman by root
Jul 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12237]: + ??? root:rubyman
Jul 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784363 of user rubyman.
Jul 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12237]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784363.
Jul 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12090]: pam_unix(cron:session): session closed for user root
Jul 14 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: Failed password for invalid user pi from 83.227.192.151 port 33024 ssh2
Jul 14 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: Failed password for invalid user pi from 83.227.192.151 port 33024 ssh2
Jul 14 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9339]: pam_unix(cron:session): session closed for user root
Jul 14 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: Received disconnect from 83.227.192.151 port 33024:11: disconnected by user [preauth]
Jul 14 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: Disconnected from 83.227.192.151 port 33024 [preauth]
Jul 14 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: PAM service(sshd) ignoring max retries; 4 > 3
Jul 14 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Invalid user baikal from 83.227.192.151
Jul 14 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: input_userauth_request: invalid user baikal [preauth]
Jul 14 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.227.192.151
Jul 14 12:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12095]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Failed password for invalid user baikal from 83.227.192.151 port 34630 ssh2
Jul 14 12:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Received disconnect from 83.227.192.151 port 34630:11: disconnected by user [preauth]
Jul 14 12:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Disconnected from 83.227.192.151 port 34630 [preauth]
Jul 14 12:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 12:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12548]: Failed password for root from 102.210.80.6 port 46843 ssh2
Jul 14 12:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12548]: Received disconnect from 102.210.80.6 port 46843:11: Bye Bye [preauth]
Jul 14 12:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12548]: Disconnected from 102.210.80.6 port 46843 [preauth]
Jul 14 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11241]: pam_unix(cron:session): session closed for user root
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12691]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12692]: pam_unix(cron:session): session closed for user root
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12686]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12760]: Successful su for rubyman by root
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12760]: + ??? root:rubyman
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784368 of user rubyman.
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12760]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784368.
Jul 14 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12688]: pam_unix(cron:session): session closed for user root
Jul 14 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9772]: pam_unix(cron:session): session closed for user root
Jul 14 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12687]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11660]: pam_unix(cron:session): session closed for user root
Jul 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13164]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13235]: Successful su for rubyman by root
Jul 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13235]: + ??? root:rubyman
Jul 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784373 of user rubyman.
Jul 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13235]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784373.
Jul 14 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10195]: pam_unix(cron:session): session closed for user root
Jul 14 12:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13165]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session closed for user root
Jul 14 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13713]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13780]: Successful su for rubyman by root
Jul 14 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13780]: + ??? root:rubyman
Jul 14 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784376 of user rubyman.
Jul 14 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13780]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784376.
Jul 14 12:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10825]: pam_unix(cron:session): session closed for user root
Jul 14 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13714]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12691]: pam_unix(cron:session): session closed for user root
Jul 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14117]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14182]: Successful su for rubyman by root
Jul 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14182]: + ??? root:rubyman
Jul 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784380 of user rubyman.
Jul 14 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14182]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784380.
Jul 14 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11240]: pam_unix(cron:session): session closed for user root
Jul 14 12:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14119]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13167]: pam_unix(cron:session): session closed for user root
Jul 14 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14522]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14587]: Successful su for rubyman by root
Jul 14 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14587]: + ??? root:rubyman
Jul 14 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784385 of user rubyman.
Jul 14 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14587]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784385.
Jul 14 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11659]: pam_unix(cron:session): session closed for user root
Jul 14 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14523]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13716]: pam_unix(cron:session): session closed for user root
Jul 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14955]: pam_unix(cron:session): session closed for user root
Jul 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14950]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15023]: Successful su for rubyman by root
Jul 14 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15023]: + ??? root:rubyman
Jul 14 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784392 of user rubyman.
Jul 14 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15023]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784392.
Jul 14 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12097]: pam_unix(cron:session): session closed for user root
Jul 14 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session closed for user root
Jul 14 12:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14951]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14121]: pam_unix(cron:session): session closed for user root
Jul 14 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15392]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15462]: Successful su for rubyman by root
Jul 14 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15462]: + ??? root:rubyman
Jul 14 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784395 of user rubyman.
Jul 14 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15462]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784395.
Jul 14 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12690]: pam_unix(cron:session): session closed for user root
Jul 14 12:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14525]: pam_unix(cron:session): session closed for user root
Jul 14 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15805]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15803]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15868]: Successful su for rubyman by root
Jul 14 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15868]: + ??? root:rubyman
Jul 14 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784398 of user rubyman.
Jul 14 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15868]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784398.
Jul 14 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13166]: pam_unix(cron:session): session closed for user root
Jul 14 12:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14954]: pam_unix(cron:session): session closed for user root
Jul 14 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16208]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16270]: Successful su for rubyman by root
Jul 14 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16270]: + ??? root:rubyman
Jul 14 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784403 of user rubyman.
Jul 14 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16270]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784403.
Jul 14 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13715]: pam_unix(cron:session): session closed for user root
Jul 14 12:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16209]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15396]: pam_unix(cron:session): session closed for user root
Jul 14 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16668]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16666]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16733]: Successful su for rubyman by root
Jul 14 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16733]: + ??? root:rubyman
Jul 14 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16733]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784409 of user rubyman.
Jul 14 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16733]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784409.
Jul 14 12:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14120]: pam_unix(cron:session): session closed for user root
Jul 14 12:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session closed for user root
Jul 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17107]: pam_unix(cron:session): session closed for user root
Jul 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17102]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17179]: Successful su for rubyman by root
Jul 14 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17179]: + ??? root:rubyman
Jul 14 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784411 of user rubyman.
Jul 14 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17179]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784411.
Jul 14 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17104]: pam_unix(cron:session): session closed for user root
Jul 14 12:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14524]: pam_unix(cron:session): session closed for user root
Jul 14 12:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17103]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session closed for user root
Jul 14 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17575]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17653]: Successful su for rubyman by root
Jul 14 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17653]: + ??? root:rubyman
Jul 14 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784418 of user rubyman.
Jul 14 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17653]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784418.
Jul 14 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Jul 14 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14953]: pam_unix(cron:session): session closed for user root
Jul 14 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: Failed password for root from 190.103.202.7 port 57238 ssh2
Jul 14 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: Connection closed by 190.103.202.7 port 57238 [preauth]
Jul 14 12:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17577]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16669]: pam_unix(cron:session): session closed for user root
Jul 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18123]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18187]: Successful su for rubyman by root
Jul 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18187]: + ??? root:rubyman
Jul 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784420 of user rubyman.
Jul 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18187]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784420.
Jul 14 12:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session closed for user root
Jul 14 12:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18124]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17106]: pam_unix(cron:session): session closed for user root
Jul 14 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18563]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18628]: Successful su for rubyman by root
Jul 14 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18628]: + ??? root:rubyman
Jul 14 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784424 of user rubyman.
Jul 14 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18628]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784424.
Jul 14 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15805]: pam_unix(cron:session): session closed for user root
Jul 14 12:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18567]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17579]: pam_unix(cron:session): session closed for user root
Jul 14 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18983]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: Successful su for rubyman by root
Jul 14 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: + ??? root:rubyman
Jul 14 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784428 of user rubyman.
Jul 14 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784428.
Jul 14 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16210]: pam_unix(cron:session): session closed for user root
Jul 14 12:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18984]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18127]: pam_unix(cron:session): session closed for user root
Jul 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19428]: pam_unix(cron:session): session closed for user root
Jul 14 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19421]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19492]: Successful su for rubyman by root
Jul 14 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19492]: + ??? root:rubyman
Jul 14 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784437 of user rubyman.
Jul 14 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19492]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784437.
Jul 14 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16668]: pam_unix(cron:session): session closed for user root
Jul 14 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19424]: pam_unix(cron:session): session closed for user root
Jul 14 12:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19423]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 12:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19766]: Failed password for root from 102.210.80.6 port 46265 ssh2
Jul 14 12:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19766]: Received disconnect from 102.210.80.6 port 46265:11: Bye Bye [preauth]
Jul 14 12:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19766]: Disconnected from 102.210.80.6 port 46265 [preauth]
Jul 14 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18570]: pam_unix(cron:session): session closed for user root
Jul 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19895]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19967]: Successful su for rubyman by root
Jul 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19967]: + ??? root:rubyman
Jul 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784438 of user rubyman.
Jul 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19967]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784438.
Jul 14 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17105]: pam_unix(cron:session): session closed for user root
Jul 14 12:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19896]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session closed for user root
Jul 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20315]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20381]: Successful su for rubyman by root
Jul 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20381]: + ??? root:rubyman
Jul 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784444 of user rubyman.
Jul 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20381]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784444.
Jul 14 12:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17578]: pam_unix(cron:session): session closed for user root
Jul 14 12:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20316]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session closed for user root
Jul 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20744]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20806]: Successful su for rubyman by root
Jul 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20806]: + ??? root:rubyman
Jul 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784446 of user rubyman.
Jul 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20806]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784446.
Jul 14 12:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18126]: pam_unix(cron:session): session closed for user root
Jul 14 12:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20740]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19899]: pam_unix(cron:session): session closed for user root
Jul 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21159]: pam_unix(cron:session): session closed for user p13x
Jul 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21247]: Successful su for rubyman by root
Jul 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21247]: + ??? root:rubyman
Jul 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784453 of user rubyman.
Jul 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21247]: pam_unix(su:session): session closed for user rubyman
Jul 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784453.
Jul 14 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18569]: pam_unix(cron:session): session closed for user root
Jul 14 12:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21160]: pam_unix(cron:session): session closed for user samftp
Jul 14 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20318]: pam_unix(cron:session): session closed for user root
Jul 14 12:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 12:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: Did not receive identification string from 92.118.39.92
Jul 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21629]: pam_unix(cron:session): session closed for user root
Jul 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21617]: pam_unix(cron:session): session closed for user root
Jul 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21752]: Successful su for rubyman by root
Jul 14 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21752]: + ??? root:rubyman
Jul 14 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784457 of user rubyman.
Jul 14 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21752]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784457.
Jul 14 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session closed for user root
Jul 14 13:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21618]: pam_unix(cron:session): session closed for user root
Jul 14 13:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20744]: pam_unix(cron:session): session closed for user root
Jul 14 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22520]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22603]: Successful su for rubyman by root
Jul 14 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22603]: + ??? root:rubyman
Jul 14 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784462 of user rubyman.
Jul 14 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22603]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784462.
Jul 14 13:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19425]: pam_unix(cron:session): session closed for user root
Jul 14 13:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22521]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Failed password for root from 170.254.229.191 port 34242 ssh2
Jul 14 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Received disconnect from 170.254.229.191 port 34242:11: Bye Bye [preauth]
Jul 14 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Disconnected from 170.254.229.191 port 34242 [preauth]
Jul 14 13:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21163]: pam_unix(cron:session): session closed for user root
Jul 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23020]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23081]: Successful su for rubyman by root
Jul 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23081]: + ??? root:rubyman
Jul 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784465 of user rubyman.
Jul 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23081]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784465.
Jul 14 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19897]: pam_unix(cron:session): session closed for user root
Jul 14 13:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23021]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21628]: pam_unix(cron:session): session closed for user root
Jul 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23531]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23599]: Successful su for rubyman by root
Jul 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23599]: + ??? root:rubyman
Jul 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784469 of user rubyman.
Jul 14 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23599]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784469.
Jul 14 13:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20317]: pam_unix(cron:session): session closed for user root
Jul 14 13:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23532]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 13:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: Failed password for root from 102.210.80.6 port 59117 ssh2
Jul 14 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: Received disconnect from 102.210.80.6 port 59117:11: Bye Bye [preauth]
Jul 14 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: Disconnected from 102.210.80.6 port 59117 [preauth]
Jul 14 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22523]: pam_unix(cron:session): session closed for user root
Jul 14 13:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: Failed password for root from 170.254.229.191 port 40772 ssh2
Jul 14 13:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: Received disconnect from 170.254.229.191 port 40772:11: Bye Bye [preauth]
Jul 14 13:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: Disconnected from 170.254.229.191 port 40772 [preauth]
Jul 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24071]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24134]: Successful su for rubyman by root
Jul 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24134]: + ??? root:rubyman
Jul 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784474 of user rubyman.
Jul 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24134]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784474.
Jul 14 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20741]: pam_unix(cron:session): session closed for user root
Jul 14 13:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23024]: pam_unix(cron:session): session closed for user root
Jul 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24553]: pam_unix(cron:session): session closed for user root
Jul 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24547]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24630]: Successful su for rubyman by root
Jul 14 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24630]: + ??? root:rubyman
Jul 14 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784479 of user rubyman.
Jul 14 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24630]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784479.
Jul 14 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24549]: pam_unix(cron:session): session closed for user root
Jul 14 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21162]: pam_unix(cron:session): session closed for user root
Jul 14 13:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24548]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: Failed password for root from 170.254.229.191 port 40566 ssh2
Jul 14 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: Received disconnect from 170.254.229.191 port 40566:11: Bye Bye [preauth]
Jul 14 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: Disconnected from 170.254.229.191 port 40566 [preauth]
Jul 14 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23534]: pam_unix(cron:session): session closed for user root
Jul 14 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25086]: Successful su for rubyman by root
Jul 14 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25086]: + ??? root:rubyman
Jul 14 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784484 of user rubyman.
Jul 14 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25086]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784484.
Jul 14 13:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21627]: pam_unix(cron:session): session closed for user root
Jul 14 13:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24075]: pam_unix(cron:session): session closed for user root
Jul 14 13:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: Failed password for root from 170.254.229.191 port 43154 ssh2
Jul 14 13:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: Received disconnect from 170.254.229.191 port 43154:11: Bye Bye [preauth]
Jul 14 13:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: Disconnected from 170.254.229.191 port 43154 [preauth]
Jul 14 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25454]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25516]: Successful su for rubyman by root
Jul 14 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25516]: + ??? root:rubyman
Jul 14 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784488 of user rubyman.
Jul 14 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25516]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784488.
Jul 14 13:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22522]: pam_unix(cron:session): session closed for user root
Jul 14 13:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25455]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24552]: pam_unix(cron:session): session closed for user root
Jul 14 13:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25935]: Failed password for root from 170.254.229.191 port 41582 ssh2
Jul 14 13:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25935]: Received disconnect from 170.254.229.191 port 41582:11: Bye Bye [preauth]
Jul 14 13:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25935]: Disconnected from 170.254.229.191 port 41582 [preauth]
Jul 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25961]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: Successful su for rubyman by root
Jul 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: + ??? root:rubyman
Jul 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784491 of user rubyman.
Jul 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784491.
Jul 14 13:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23022]: pam_unix(cron:session): session closed for user root
Jul 14 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25962]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25019]: pam_unix(cron:session): session closed for user root
Jul 14 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26623]: Successful su for rubyman by root
Jul 14 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26623]: + ??? root:rubyman
Jul 14 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784496 of user rubyman.
Jul 14 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26623]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784496.
Jul 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session closed for user root
Jul 14 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23533]: pam_unix(cron:session): session closed for user root
Jul 14 13:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26395]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26869]: Failed password for root from 170.254.229.191 port 48714 ssh2
Jul 14 13:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26869]: Received disconnect from 170.254.229.191 port 48714:11: Bye Bye [preauth]
Jul 14 13:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26869]: Disconnected from 170.254.229.191 port 48714 [preauth]
Jul 14 13:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25457]: pam_unix(cron:session): session closed for user root
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27127]: pam_unix(cron:session): session closed for user root
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27122]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27203]: Successful su for rubyman by root
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27203]: + ??? root:rubyman
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784503 of user rubyman.
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27203]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784503.
Jul 14 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27124]: pam_unix(cron:session): session closed for user root
Jul 14 13:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24074]: pam_unix(cron:session): session closed for user root
Jul 14 13:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27123]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27611]: Failed password for root from 170.254.229.191 port 33550 ssh2
Jul 14 13:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27611]: Received disconnect from 170.254.229.191 port 33550:11: Bye Bye [preauth]
Jul 14 13:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27611]: Disconnected from 170.254.229.191 port 33550 [preauth]
Jul 14 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25964]: pam_unix(cron:session): session closed for user root
Jul 14 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27715]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27789]: Successful su for rubyman by root
Jul 14 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27789]: + ??? root:rubyman
Jul 14 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784508 of user rubyman.
Jul 14 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27789]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784508.
Jul 14 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24550]: pam_unix(cron:session): session closed for user root
Jul 14 13:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27716]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 13:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: Failed password for root from 102.210.80.6 port 42294 ssh2
Jul 14 13:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: Received disconnect from 102.210.80.6 port 42294:11: Bye Bye [preauth]
Jul 14 13:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: Disconnected from 102.210.80.6 port 42294 [preauth]
Jul 14 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26397]: pam_unix(cron:session): session closed for user root
Jul 14 13:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: Failed password for root from 170.254.229.191 port 40160 ssh2
Jul 14 13:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: Received disconnect from 170.254.229.191 port 40160:11: Bye Bye [preauth]
Jul 14 13:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: Disconnected from 170.254.229.191 port 40160 [preauth]
Jul 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28172]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28169]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28233]: Successful su for rubyman by root
Jul 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28233]: + ??? root:rubyman
Jul 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784510 of user rubyman.
Jul 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28233]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784510.
Jul 14 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session closed for user root
Jul 14 13:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28170]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27126]: pam_unix(cron:session): session closed for user root
Jul 14 13:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Invalid user rylie from 80.94.95.15
Jul 14 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: input_userauth_request: invalid user rylie [preauth]
Jul 14 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 13:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Failed password for invalid user rylie from 80.94.95.15 port 37668 ssh2
Jul 14 13:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Failed password for invalid user rylie from 80.94.95.15 port 37668 ssh2
Jul 14 13:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Failed password for invalid user rylie from 80.94.95.15 port 37668 ssh2
Jul 14 13:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Failed password for invalid user rylie from 80.94.95.15 port 37668 ssh2
Jul 14 13:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28600]: Failed password for root from 170.254.229.191 port 53760 ssh2
Jul 14 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Failed password for invalid user rylie from 80.94.95.15 port 37668 ssh2
Jul 14 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28600]: Received disconnect from 170.254.229.191 port 53760:11: Bye Bye [preauth]
Jul 14 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28600]: Disconnected from 170.254.229.191 port 53760 [preauth]
Jul 14 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Received disconnect from 80.94.95.15 port 37668:11: Bye [preauth]
Jul 14 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Disconnected from 80.94.95.15 port 37668 [preauth]
Jul 14 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28612]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28675]: Successful su for rubyman by root
Jul 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28675]: + ??? root:rubyman
Jul 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784515 of user rubyman.
Jul 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28675]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784515.
Jul 14 13:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25456]: pam_unix(cron:session): session closed for user root
Jul 14 13:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28613]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Jul 14 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Failed password for root from 164.68.105.9 port 55742 ssh2
Jul 14 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Connection closed by 164.68.105.9 port 55742 [preauth]
Jul 14 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27719]: pam_unix(cron:session): session closed for user root
Jul 14 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29113]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29188]: Successful su for rubyman by root
Jul 14 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29188]: + ??? root:rubyman
Jul 14 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784519 of user rubyman.
Jul 14 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29188]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784519.
Jul 14 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25963]: pam_unix(cron:session): session closed for user root
Jul 14 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29115]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: Failed password for root from 170.254.229.191 port 46752 ssh2
Jul 14 13:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: Received disconnect from 170.254.229.191 port 46752:11: Bye Bye [preauth]
Jul 14 13:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: Disconnected from 170.254.229.191 port 46752 [preauth]
Jul 14 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28172]: pam_unix(cron:session): session closed for user root
Jul 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29565]: pam_unix(cron:session): session closed for user root
Jul 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29558]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29634]: Successful su for rubyman by root
Jul 14 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29634]: + ??? root:rubyman
Jul 14 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784523 of user rubyman.
Jul 14 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29634]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784523.
Jul 14 13:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26396]: pam_unix(cron:session): session closed for user root
Jul 14 13:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29560]: pam_unix(cron:session): session closed for user root
Jul 14 13:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29559]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: Failed password for root from 170.254.229.191 port 51632 ssh2
Jul 14 13:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: Received disconnect from 170.254.229.191 port 51632:11: Bye Bye [preauth]
Jul 14 13:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: Disconnected from 170.254.229.191 port 51632 [preauth]
Jul 14 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28615]: pam_unix(cron:session): session closed for user root
Jul 14 13:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: Did not receive identification string from 80.94.95.117
Jul 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30097]: Successful su for rubyman by root
Jul 14 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30097]: + ??? root:rubyman
Jul 14 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784528 of user rubyman.
Jul 14 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30097]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784528.
Jul 14 13:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27125]: pam_unix(cron:session): session closed for user root
Jul 14 13:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30025]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29117]: pam_unix(cron:session): session closed for user root
Jul 14 13:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30406]: Failed password for root from 170.254.229.191 port 44024 ssh2
Jul 14 13:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30406]: Received disconnect from 170.254.229.191 port 44024:11: Bye Bye [preauth]
Jul 14 13:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30406]: Disconnected from 170.254.229.191 port 44024 [preauth]
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30438]: pam_unix(cron:session): session closed for user root
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30441]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30511]: Successful su for rubyman by root
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30511]: + ??? root:rubyman
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784532 of user rubyman.
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30511]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784532.
Jul 14 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27718]: pam_unix(cron:session): session closed for user root
Jul 14 13:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30444]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29564]: pam_unix(cron:session): session closed for user root
Jul 14 13:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 13:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Failed password for root from 195.178.110.160 port 34950 ssh2
Jul 14 13:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Connection closed by 195.178.110.160 port 34950 [preauth]
Jul 14 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 13:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: Failed password for root from 195.178.110.160 port 34952 ssh2
Jul 14 13:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: Connection closed by 195.178.110.160 port 34952 [preauth]
Jul 14 13:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 13:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30850]: Failed password for root from 195.178.110.160 port 34960 ssh2
Jul 14 13:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30850]: Connection closed by 195.178.110.160 port 34960 [preauth]
Jul 14 13:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 13:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: Failed password for root from 195.178.110.160 port 50692 ssh2
Jul 14 13:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: Connection closed by 195.178.110.160 port 50692 [preauth]
Jul 14 13:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 13:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: Failed password for root from 195.178.110.160 port 50708 ssh2
Jul 14 13:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: Connection closed by 195.178.110.160 port 50708 [preauth]
Jul 14 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30879]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31009]: Successful su for rubyman by root
Jul 14 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31009]: + ??? root:rubyman
Jul 14 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784537 of user rubyman.
Jul 14 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31009]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784537.
Jul 14 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28171]: pam_unix(cron:session): session closed for user root
Jul 14 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Failed password for root from 170.254.229.191 port 58502 ssh2
Jul 14 13:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Received disconnect from 170.254.229.191 port 58502:11: Bye Bye [preauth]
Jul 14 13:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Disconnected from 170.254.229.191 port 58502 [preauth]
Jul 14 13:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30880]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30027]: pam_unix(cron:session): session closed for user root
Jul 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31395]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31460]: Successful su for rubyman by root
Jul 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31460]: + ??? root:rubyman
Jul 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784541 of user rubyman.
Jul 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31460]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784541.
Jul 14 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28614]: pam_unix(cron:session): session closed for user root
Jul 14 13:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31396]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Failed password for root from 170.254.229.191 port 38714 ssh2
Jul 14 13:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Received disconnect from 170.254.229.191 port 38714:11: Bye Bye [preauth]
Jul 14 13:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Disconnected from 170.254.229.191 port 38714 [preauth]
Jul 14 13:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30446]: pam_unix(cron:session): session closed for user root
Jul 14 13:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 13:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Failed password for root from 102.210.80.6 port 41888 ssh2
Jul 14 13:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Received disconnect from 102.210.80.6 port 41888:11: Bye Bye [preauth]
Jul 14 13:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Disconnected from 102.210.80.6 port 41888 [preauth]
Jul 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31861]: pam_unix(cron:session): session closed for user root
Jul 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31855]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31980]: Successful su for rubyman by root
Jul 14 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31980]: + ??? root:rubyman
Jul 14 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784549 of user rubyman.
Jul 14 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31980]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784549.
Jul 14 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31857]: pam_unix(cron:session): session closed for user root
Jul 14 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29116]: pam_unix(cron:session): session closed for user root
Jul 14 13:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31856]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30882]: pam_unix(cron:session): session closed for user root
Jul 14 13:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: Failed password for root from 170.254.229.191 port 60136 ssh2
Jul 14 13:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: Received disconnect from 170.254.229.191 port 60136:11: Bye Bye [preauth]
Jul 14 13:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: Disconnected from 170.254.229.191 port 60136 [preauth]
Jul 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32728]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[350]: Successful su for rubyman by root
Jul 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[350]: + ??? root:rubyman
Jul 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784552 of user rubyman.
Jul 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[350]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784552.
Jul 14 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29562]: pam_unix(cron:session): session closed for user root
Jul 14 13:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31399]: pam_unix(cron:session): session closed for user root
Jul 14 13:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: Failed password for root from 170.254.229.191 port 45604 ssh2
Jul 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: Received disconnect from 170.254.229.191 port 45604:11: Bye Bye [preauth]
Jul 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: Disconnected from 170.254.229.191 port 45604 [preauth]
Jul 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[801]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[877]: Successful su for rubyman by root
Jul 14 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[877]: + ??? root:rubyman
Jul 14 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784557 of user rubyman.
Jul 14 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[877]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784557.
Jul 14 13:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30026]: pam_unix(cron:session): session closed for user root
Jul 14 13:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 13:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[802]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Failed password for root from 195.178.110.160 port 56026 ssh2
Jul 14 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Connection closed by 195.178.110.160 port 56026 [preauth]
Jul 14 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 13:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1135]: Failed password for root from 195.178.110.160 port 57896 ssh2
Jul 14 13:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1135]: Connection closed by 195.178.110.160 port 57896 [preauth]
Jul 14 13:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 13:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Failed password for root from 195.178.110.160 port 57904 ssh2
Jul 14 13:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Connection closed by 195.178.110.160 port 57904 [preauth]
Jul 14 13:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Failed password for root from 195.178.110.160 port 57918 ssh2
Jul 14 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Connection closed by 195.178.110.160 port 57918 [preauth]
Jul 14 13:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.160  user=root
Jul 14 13:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Failed password for root from 195.178.110.160 port 52618 ssh2
Jul 14 13:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Connection closed by 195.178.110.160 port 52618 [preauth]
Jul 14 13:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31860]: pam_unix(cron:session): session closed for user root
Jul 14 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1328]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1394]: Successful su for rubyman by root
Jul 14 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1394]: + ??? root:rubyman
Jul 14 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784560 of user rubyman.
Jul 14 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1394]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784560.
Jul 14 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30445]: pam_unix(cron:session): session closed for user root
Jul 14 13:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1329]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1694]: Failed password for root from 170.254.229.191 port 54318 ssh2
Jul 14 13:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1694]: Received disconnect from 170.254.229.191 port 54318:11: Bye Bye [preauth]
Jul 14 13:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1694]: Disconnected from 170.254.229.191 port 54318 [preauth]
Jul 14 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session closed for user root
Jul 14 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1839]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1955]: Successful su for rubyman by root
Jul 14 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1955]: + ??? root:rubyman
Jul 14 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784565 of user rubyman.
Jul 14 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1955]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784565.
Jul 14 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30881]: pam_unix(cron:session): session closed for user root
Jul 14 13:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1841]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[804]: pam_unix(cron:session): session closed for user root
Jul 14 13:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Failed password for root from 170.254.229.191 port 56218 ssh2
Jul 14 13:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Received disconnect from 170.254.229.191 port 56218:11: Bye Bye [preauth]
Jul 14 13:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Disconnected from 170.254.229.191 port 56218 [preauth]
Jul 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2351]: pam_unix(cron:session): session closed for user root
Jul 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2344]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2436]: Successful su for rubyman by root
Jul 14 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2436]: + ??? root:rubyman
Jul 14 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784567 of user rubyman.
Jul 14 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2436]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784567.
Jul 14 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31398]: pam_unix(cron:session): session closed for user root
Jul 14 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2346]: pam_unix(cron:session): session closed for user root
Jul 14 13:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2345]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1331]: pam_unix(cron:session): session closed for user root
Jul 14 13:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: Failed password for root from 170.254.229.191 port 48796 ssh2
Jul 14 13:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: Received disconnect from 170.254.229.191 port 48796:11: Bye Bye [preauth]
Jul 14 13:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: Disconnected from 170.254.229.191 port 48796 [preauth]
Jul 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2845]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2925]: Successful su for rubyman by root
Jul 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2925]: + ??? root:rubyman
Jul 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784573 of user rubyman.
Jul 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2925]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784573.
Jul 14 13:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31858]: pam_unix(cron:session): session closed for user root
Jul 14 13:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2847]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1843]: pam_unix(cron:session): session closed for user root
Jul 14 13:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Invalid user qs from 46.101.170.54
Jul 14 13:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: input_userauth_request: invalid user qs [preauth]
Jul 14 13:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Jul 14 13:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Failed password for invalid user qs from 46.101.170.54 port 55684 ssh2
Jul 14 13:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Connection closed by 46.101.170.54 port 55684 [preauth]
Jul 14 13:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3280]: Invalid user  from 210.16.168.165
Jul 14 13:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3280]: input_userauth_request: invalid user  [preauth]
Jul 14 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3301]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3280]: Connection closed by 210.16.168.165 port 48090 [preauth]
Jul 14 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3369]: Successful su for rubyman by root
Jul 14 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3369]: + ??? root:rubyman
Jul 14 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784580 of user rubyman.
Jul 14 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3369]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784580.
Jul 14 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32731]: pam_unix(cron:session): session closed for user root
Jul 14 13:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3302]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Failed password for root from 170.254.229.191 port 54754 ssh2
Jul 14 13:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Received disconnect from 170.254.229.191 port 54754:11: Bye Bye [preauth]
Jul 14 13:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Disconnected from 170.254.229.191 port 54754 [preauth]
Jul 14 13:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 13:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Failed password for root from 102.210.80.6 port 49646 ssh2
Jul 14 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Received disconnect from 102.210.80.6 port 49646:11: Bye Bye [preauth]
Jul 14 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Disconnected from 102.210.80.6 port 49646 [preauth]
Jul 14 13:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session closed for user root
Jul 14 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3785]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3849]: Successful su for rubyman by root
Jul 14 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3849]: + ??? root:rubyman
Jul 14 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784582 of user rubyman.
Jul 14 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3849]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784582.
Jul 14 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[803]: pam_unix(cron:session): session closed for user root
Jul 14 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3787]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Failed password for root from 170.254.229.191 port 32810 ssh2
Jul 14 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Received disconnect from 170.254.229.191 port 32810:11: Bye Bye [preauth]
Jul 14 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Disconnected from 170.254.229.191 port 32810 [preauth]
Jul 14 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2849]: pam_unix(cron:session): session closed for user root
Jul 14 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4271]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4576]: Successful su for rubyman by root
Jul 14 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4576]: + ??? root:rubyman
Jul 14 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784585 of user rubyman.
Jul 14 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4576]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784585.
Jul 14 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1330]: pam_unix(cron:session): session closed for user root
Jul 14 13:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3305]: pam_unix(cron:session): session closed for user root
Jul 14 13:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Failed password for root from 170.254.229.191 port 44368 ssh2
Jul 14 13:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Received disconnect from 170.254.229.191 port 44368:11: Bye Bye [preauth]
Jul 14 13:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Disconnected from 170.254.229.191 port 44368 [preauth]
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4974]: pam_unix(cron:session): session closed for user root
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4969]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5240]: Successful su for rubyman by root
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5240]: + ??? root:rubyman
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784590 of user rubyman.
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5240]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784590.
Jul 14 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4971]: pam_unix(cron:session): session closed for user root
Jul 14 13:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1842]: pam_unix(cron:session): session closed for user root
Jul 14 13:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4970]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3789]: pam_unix(cron:session): session closed for user root
Jul 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5695]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5692]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5768]: Successful su for rubyman by root
Jul 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5768]: + ??? root:rubyman
Jul 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784596 of user rubyman.
Jul 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5768]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784596.
Jul 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: Failed password for root from 170.254.229.191 port 43430 ssh2
Jul 14 13:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: Received disconnect from 170.254.229.191 port 43430:11: Bye Bye [preauth]
Jul 14 13:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: Disconnected from 170.254.229.191 port 43430 [preauth]
Jul 14 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session closed for user root
Jul 14 13:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5694]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session closed for user root
Jul 14 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.168.15.107 port 48206
Jul 14 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6245]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6242]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6313]: Successful su for rubyman by root
Jul 14 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6313]: + ??? root:rubyman
Jul 14 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784599 of user rubyman.
Jul 14 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6313]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784599.
Jul 14 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: Connection closed by 20.168.15.107 port 48204 [preauth]
Jul 14 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2848]: pam_unix(cron:session): session closed for user root
Jul 14 13:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6244]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6515]: Failed password for root from 170.254.229.191 port 54496 ssh2
Jul 14 13:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6515]: Received disconnect from 170.254.229.191 port 54496:11: Bye Bye [preauth]
Jul 14 13:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6515]: Disconnected from 170.254.229.191 port 54496 [preauth]
Jul 14 13:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: Failed password for root from 210.16.168.165 port 50270 ssh2
Jul 14 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4973]: pam_unix(cron:session): session closed for user root
Jul 14 13:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: Connection closed by 210.16.168.165 port 50270 [preauth]
Jul 14 13:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: Invalid user pi from 210.16.168.165
Jul 14 13:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: input_userauth_request: invalid user pi [preauth]
Jul 14 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6677]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6744]: Successful su for rubyman by root
Jul 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6744]: + ??? root:rubyman
Jul 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784605 of user rubyman.
Jul 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6744]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784605.
Jul 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: Failed password for invalid user pi from 210.16.168.165 port 56588 ssh2
Jul 14 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3303]: pam_unix(cron:session): session closed for user root
Jul 14 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: Connection closed by 210.16.168.165 port 56588 [preauth]
Jul 14 13:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6679]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: Invalid user hive from 210.16.168.165
Jul 14 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: input_userauth_request: invalid user hive [preauth]
Jul 14 13:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: Failed password for invalid user hive from 210.16.168.165 port 34670 ssh2
Jul 14 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: Connection closed by 210.16.168.165 port 34670 [preauth]
Jul 14 13:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: Failed password for root from 170.254.229.191 port 46098 ssh2
Jul 14 13:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: Received disconnect from 170.254.229.191 port 46098:11: Bye Bye [preauth]
Jul 14 13:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: Disconnected from 170.254.229.191 port 46098 [preauth]
Jul 14 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5697]: pam_unix(cron:session): session closed for user root
Jul 14 13:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: Invalid user git from 210.16.168.165
Jul 14 13:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: input_userauth_request: invalid user git [preauth]
Jul 14 13:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: Failed password for invalid user git from 210.16.168.165 port 40978 ssh2
Jul 14 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7221]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7293]: Successful su for rubyman by root
Jul 14 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7293]: + ??? root:rubyman
Jul 14 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784607 of user rubyman.
Jul 14 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7293]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784607.
Jul 14 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7180]: Connection closed by 210.16.168.165 port 40978 [preauth]
Jul 14 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3788]: pam_unix(cron:session): session closed for user root
Jul 14 13:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Invalid user wang from 210.16.168.165
Jul 14 13:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: input_userauth_request: invalid user wang [preauth]
Jul 14 13:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Failed password for invalid user wang from 210.16.168.165 port 47296 ssh2
Jul 14 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Connection closed by 210.16.168.165 port 47296 [preauth]
Jul 14 13:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6246]: pam_unix(cron:session): session closed for user root
Jul 14 13:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7697]: Invalid user nginx from 210.16.168.165
Jul 14 13:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7697]: input_userauth_request: invalid user nginx [preauth]
Jul 14 13:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7697]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: Failed password for root from 170.254.229.191 port 51822 ssh2
Jul 14 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: Received disconnect from 170.254.229.191 port 51822:11: Bye Bye [preauth]
Jul 14 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: Disconnected from 170.254.229.191 port 51822 [preauth]
Jul 14 13:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7697]: Failed password for invalid user nginx from 210.16.168.165 port 53612 ssh2
Jul 14 13:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7697]: Connection closed by 210.16.168.165 port 53612 [preauth]
Jul 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7772]: pam_unix(cron:session): session closed for user root
Jul 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7766]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7844]: Successful su for rubyman by root
Jul 14 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7844]: + ??? root:rubyman
Jul 14 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784612 of user rubyman.
Jul 14 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7844]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784612.
Jul 14 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7768]: pam_unix(cron:session): session closed for user root
Jul 14 13:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session closed for user root
Jul 14 13:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7767]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: Invalid user mongo from 210.16.168.165
Jul 14 13:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: input_userauth_request: invalid user mongo [preauth]
Jul 14 13:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: Failed password for invalid user mongo from 210.16.168.165 port 59924 ssh2
Jul 14 13:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: Connection closed by 210.16.168.165 port 59924 [preauth]
Jul 14 13:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6681]: pam_unix(cron:session): session closed for user root
Jul 14 13:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Invalid user user from 210.16.168.165
Jul 14 13:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: input_userauth_request: invalid user user [preauth]
Jul 14 13:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Failed password for invalid user user from 210.16.168.165 port 38006 ssh2
Jul 14 13:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Connection closed by 210.16.168.165 port 38006 [preauth]
Jul 14 13:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8353]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8433]: Successful su for rubyman by root
Jul 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8433]: + ??? root:rubyman
Jul 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784619 of user rubyman.
Jul 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8433]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784619.
Jul 14 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4972]: pam_unix(cron:session): session closed for user root
Jul 14 13:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8355]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: Invalid user oracle from 210.16.168.165
Jul 14 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: input_userauth_request: invalid user oracle [preauth]
Jul 14 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: Invalid user root1 from 170.254.229.191
Jul 14 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: input_userauth_request: invalid user root1 [preauth]
Jul 14 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191
Jul 14 13:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: Failed password for invalid user root1 from 170.254.229.191 port 52000 ssh2
Jul 14 13:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: Received disconnect from 170.254.229.191 port 52000:11: Bye Bye [preauth]
Jul 14 13:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: Disconnected from 170.254.229.191 port 52000 [preauth]
Jul 14 13:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: Failed password for invalid user oracle from 210.16.168.165 port 44320 ssh2
Jul 14 13:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: Connection closed by 210.16.168.165 port 44320 [preauth]
Jul 14 13:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session closed for user root
Jul 14 13:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: Invalid user gpadmin from 210.16.168.165
Jul 14 13:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: input_userauth_request: invalid user gpadmin [preauth]
Jul 14 13:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: Failed password for invalid user gpadmin from 210.16.168.165 port 50634 ssh2
Jul 14 13:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: Connection closed by 210.16.168.165 port 50634 [preauth]
Jul 14 13:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8855]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8919]: Successful su for rubyman by root
Jul 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8919]: + ??? root:rubyman
Jul 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784622 of user rubyman.
Jul 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8919]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784622.
Jul 14 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5695]: pam_unix(cron:session): session closed for user root
Jul 14 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Failed password for root from 210.16.168.165 port 56938 ssh2
Jul 14 13:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Connection closed by 210.16.168.165 port 56938 [preauth]
Jul 14 13:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Did not receive identification string from 211.107.237.13
Jul 14 13:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Invalid user esroot from 210.16.168.165
Jul 14 13:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: input_userauth_request: invalid user esroot [preauth]
Jul 14 13:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9312]: Failed password for root from 170.254.229.191 port 52788 ssh2
Jul 14 13:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9312]: Received disconnect from 170.254.229.191 port 52788:11: Bye Bye [preauth]
Jul 14 13:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9312]: Disconnected from 170.254.229.191 port 52788 [preauth]
Jul 14 13:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Failed password for invalid user esroot from 210.16.168.165 port 35028 ssh2
Jul 14 13:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Connection closed by 210.16.168.165 port 35028 [preauth]
Jul 14 13:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7770]: pam_unix(cron:session): session closed for user root
Jul 14 13:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Invalid user admin from 80.94.95.15
Jul 14 13:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: input_userauth_request: invalid user admin [preauth]
Jul 14 13:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 13:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Failed password for invalid user admin from 80.94.95.15 port 12882 ssh2
Jul 14 13:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Failed password for invalid user admin from 80.94.95.15 port 12882 ssh2
Jul 14 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Failed password for invalid user admin from 80.94.95.15 port 12882 ssh2
Jul 14 13:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Failed password for invalid user admin from 80.94.95.15 port 12882 ssh2
Jul 14 13:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Failed password for invalid user admin from 80.94.95.15 port 12882 ssh2
Jul 14 13:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Received disconnect from 80.94.95.15 port 12882:11: Bye [preauth]
Jul 14 13:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Disconnected from 80.94.95.15 port 12882 [preauth]
Jul 14 13:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 13:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 13:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9376]: Invalid user gitlab from 210.16.168.165
Jul 14 13:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9376]: input_userauth_request: invalid user gitlab [preauth]
Jul 14 13:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9376]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9413]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9476]: Successful su for rubyman by root
Jul 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9476]: + ??? root:rubyman
Jul 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784626 of user rubyman.
Jul 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9476]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784626.
Jul 14 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9376]: Failed password for invalid user gitlab from 210.16.168.165 port 41344 ssh2
Jul 14 13:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6245]: pam_unix(cron:session): session closed for user root
Jul 14 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9376]: Connection closed by 210.16.168.165 port 41344 [preauth]
Jul 14 13:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9414]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Invalid user apache from 210.16.168.165
Jul 14 13:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: input_userauth_request: invalid user apache [preauth]
Jul 14 13:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Failed password for invalid user apache from 210.16.168.165 port 47656 ssh2
Jul 14 13:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Connection closed by 210.16.168.165 port 47656 [preauth]
Jul 14 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8357]: pam_unix(cron:session): session closed for user root
Jul 14 13:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: Failed password for root from 170.254.229.191 port 34524 ssh2
Jul 14 13:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: Received disconnect from 170.254.229.191 port 34524:11: Bye Bye [preauth]
Jul 14 13:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: Disconnected from 170.254.229.191 port 34524 [preauth]
Jul 14 13:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: Failed password for root from 210.16.168.165 port 53966 ssh2
Jul 14 13:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: Connection closed by 210.16.168.165 port 53966 [preauth]
Jul 14 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9844]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9986]: Successful su for rubyman by root
Jul 14 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9986]: + ??? root:rubyman
Jul 14 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784629 of user rubyman.
Jul 14 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9986]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784629.
Jul 14 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9841]: pam_unix(cron:session): session closed for user root
Jul 14 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6680]: pam_unix(cron:session): session closed for user root
Jul 14 13:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9845]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Failed password for root from 210.16.168.165 port 60280 ssh2
Jul 14 13:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Connection closed by 210.16.168.165 port 60280 [preauth]
Jul 14 13:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8858]: pam_unix(cron:session): session closed for user root
Jul 14 13:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Invalid user user from 210.16.168.165
Jul 14 13:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: input_userauth_request: invalid user user [preauth]
Jul 14 13:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Failed password for invalid user user from 210.16.168.165 port 38370 ssh2
Jul 14 13:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Connection closed by 210.16.168.165 port 38370 [preauth]
Jul 14 13:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.229.191  user=root
Jul 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10452]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10455]: pam_unix(cron:session): session closed for user root
Jul 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10450]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: Failed password for root from 170.254.229.191 port 56212 ssh2
Jul 14 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: Received disconnect from 170.254.229.191 port 56212:11: Bye Bye [preauth]
Jul 14 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: Disconnected from 170.254.229.191 port 56212 [preauth]
Jul 14 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10530]: Successful su for rubyman by root
Jul 14 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10530]: + ??? root:rubyman
Jul 14 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784635 of user rubyman.
Jul 14 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10530]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784635.
Jul 14 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10452]: pam_unix(cron:session): session closed for user root
Jul 14 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session closed for user root
Jul 14 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Invalid user lighthouse from 210.16.168.165
Jul 14 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: input_userauth_request: invalid user lighthouse [preauth]
Jul 14 13:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10451]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Failed password for invalid user lighthouse from 210.16.168.165 port 44678 ssh2
Jul 14 13:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Connection closed by 210.16.168.165 port 44678 [preauth]
Jul 14 13:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Invalid user flask from 210.16.168.165
Jul 14 13:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: input_userauth_request: invalid user flask [preauth]
Jul 14 13:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9416]: pam_unix(cron:session): session closed for user root
Jul 14 13:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Failed password for invalid user flask from 210.16.168.165 port 50988 ssh2
Jul 14 13:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Connection closed by 210.16.168.165 port 50988 [preauth]
Jul 14 13:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: Invalid user  from 45.78.196.59
Jul 14 13:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: input_userauth_request: invalid user  [preauth]
Jul 14 13:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: Connection closed by 45.78.196.59 port 59278 [preauth]
Jul 14 13:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Invalid user user1 from 210.16.168.165
Jul 14 13:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: input_userauth_request: invalid user user1 [preauth]
Jul 14 13:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Failed password for invalid user user1 from 210.16.168.165 port 57294 ssh2
Jul 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10963]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11031]: Successful su for rubyman by root
Jul 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11031]: + ??? root:rubyman
Jul 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784641 of user rubyman.
Jul 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11031]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784641.
Jul 14 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Connection closed by 210.16.168.165 port 57294 [preauth]
Jul 14 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7769]: pam_unix(cron:session): session closed for user root
Jul 14 13:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10964]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: Invalid user hadoop from 210.16.168.165
Jul 14 13:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: input_userauth_request: invalid user hadoop [preauth]
Jul 14 13:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9847]: pam_unix(cron:session): session closed for user root
Jul 14 13:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: Failed password for invalid user hadoop from 210.16.168.165 port 35392 ssh2
Jul 14 13:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: Connection closed by 210.16.168.165 port 35392 [preauth]
Jul 14 13:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Invalid user oracle from 210.16.168.165
Jul 14 13:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: input_userauth_request: invalid user oracle [preauth]
Jul 14 13:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Failed password for invalid user oracle from 210.16.168.165 port 41706 ssh2
Jul 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11380]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11378]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: Successful su for rubyman by root
Jul 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: + ??? root:rubyman
Jul 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784645 of user rubyman.
Jul 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784645.
Jul 14 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Connection closed by 210.16.168.165 port 41706 [preauth]
Jul 14 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8356]: pam_unix(cron:session): session closed for user root
Jul 14 13:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11379]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Invalid user test from 210.16.168.165
Jul 14 13:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: input_userauth_request: invalid user test [preauth]
Jul 14 13:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Failed password for invalid user test from 210.16.168.165 port 48022 ssh2
Jul 14 13:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Connection closed by 210.16.168.165 port 48022 [preauth]
Jul 14 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10454]: pam_unix(cron:session): session closed for user root
Jul 14 13:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: Failed password for root from 210.16.168.165 port 54336 ssh2
Jul 14 13:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: Connection closed by 210.16.168.165 port 54336 [preauth]
Jul 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11813]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11876]: Successful su for rubyman by root
Jul 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11876]: + ??? root:rubyman
Jul 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784648 of user rubyman.
Jul 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11876]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784648.
Jul 14 13:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session closed for user root
Jul 14 13:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11814]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Invalid user developer from 210.16.168.165
Jul 14 13:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: input_userauth_request: invalid user developer [preauth]
Jul 14 13:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Failed password for invalid user developer from 210.16.168.165 port 60650 ssh2
Jul 14 13:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Connection closed by 210.16.168.165 port 60650 [preauth]
Jul 14 13:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10966]: pam_unix(cron:session): session closed for user root
Jul 14 13:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 13:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: Failed password for root from 102.210.80.6 port 44736 ssh2
Jul 14 13:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: Received disconnect from 102.210.80.6 port 44736:11: Bye Bye [preauth]
Jul 14 13:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: Disconnected from 102.210.80.6 port 44736 [preauth]
Jul 14 13:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: Failed password for root from 210.16.168.165 port 38718 ssh2
Jul 14 13:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: Connection closed by 210.16.168.165 port 38718 [preauth]
Jul 14 13:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12226]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12300]: Successful su for rubyman by root
Jul 14 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12300]: + ??? root:rubyman
Jul 14 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784652 of user rubyman.
Jul 14 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12300]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784652.
Jul 14 13:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9415]: pam_unix(cron:session): session closed for user root
Jul 14 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: User mysql from 210.16.168.165 not allowed because not listed in AllowUsers
Jul 14 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: input_userauth_request: invalid user mysql [preauth]
Jul 14 13:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=mysql
Jul 14 13:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12231]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Failed password for invalid user mysql from 210.16.168.165 port 45046 ssh2
Jul 14 13:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Connection closed by 210.16.168.165 port 45046 [preauth]
Jul 14 13:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11381]: pam_unix(cron:session): session closed for user root
Jul 14 13:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Failed password for root from 210.16.168.165 port 51352 ssh2
Jul 14 13:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Connection closed by 210.16.168.165 port 51352 [preauth]
Jul 14 13:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12732]: pam_unix(cron:session): session closed for user root
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12727]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12798]: Successful su for rubyman by root
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12798]: + ??? root:rubyman
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784660 of user rubyman.
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12798]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784660.
Jul 14 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12729]: pam_unix(cron:session): session closed for user root
Jul 14 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9846]: pam_unix(cron:session): session closed for user root
Jul 14 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Invalid user tom from 210.16.168.165
Jul 14 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: input_userauth_request: invalid user tom [preauth]
Jul 14 13:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12728]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Failed password for invalid user tom from 210.16.168.165 port 57666 ssh2
Jul 14 13:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Connection closed by 210.16.168.165 port 57666 [preauth]
Jul 14 13:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11816]: pam_unix(cron:session): session closed for user root
Jul 14 13:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Failed password for root from 210.16.168.165 port 35740 ssh2
Jul 14 13:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Connection closed by 210.16.168.165 port 35740 [preauth]
Jul 14 13:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Invalid user oscar from 210.16.168.165
Jul 14 13:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: input_userauth_request: invalid user oscar [preauth]
Jul 14 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13209]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13302]: Successful su for rubyman by root
Jul 14 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13302]: + ??? root:rubyman
Jul 14 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784664 of user rubyman.
Jul 14 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13302]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784664.
Jul 14 13:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Failed password for invalid user oscar from 210.16.168.165 port 42066 ssh2
Jul 14 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session closed for user root
Jul 14 13:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Connection closed by 210.16.168.165 port 42066 [preauth]
Jul 14 13:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12233]: pam_unix(cron:session): session closed for user root
Jul 14 13:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13628]: Failed password for root from 210.16.168.165 port 48384 ssh2
Jul 14 13:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13628]: Connection closed by 210.16.168.165 port 48384 [preauth]
Jul 14 13:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: Failed password for root from 210.16.168.165 port 54698 ssh2
Jul 14 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13766]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13826]: Successful su for rubyman by root
Jul 14 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13826]: + ??? root:rubyman
Jul 14 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784668 of user rubyman.
Jul 14 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13826]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784668.
Jul 14 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: Connection closed by 210.16.168.165 port 54698 [preauth]
Jul 14 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10965]: pam_unix(cron:session): session closed for user root
Jul 14 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13767]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: Invalid user user1 from 210.16.168.165
Jul 14 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: input_userauth_request: invalid user user1 [preauth]
Jul 14 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: Failed password for invalid user user1 from 210.16.168.165 port 32780 ssh2
Jul 14 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: Connection closed by 210.16.168.165 port 32780 [preauth]
Jul 14 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12731]: pam_unix(cron:session): session closed for user root
Jul 14 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: Failed password for root from 210.16.168.165 port 39090 ssh2
Jul 14 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: Connection closed by 210.16.168.165 port 39090 [preauth]
Jul 14 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14234]: Successful su for rubyman by root
Jul 14 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14234]: + ??? root:rubyman
Jul 14 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784672 of user rubyman.
Jul 14 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14234]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784672.
Jul 14 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11380]: pam_unix(cron:session): session closed for user root
Jul 14 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14174]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: Invalid user flink from 210.16.168.165
Jul 14 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: input_userauth_request: invalid user flink [preauth]
Jul 14 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: Failed password for invalid user flink from 210.16.168.165 port 45408 ssh2
Jul 14 13:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: Connection closed by 210.16.168.165 port 45408 [preauth]
Jul 14 13:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13213]: pam_unix(cron:session): session closed for user root
Jul 14 13:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Invalid user apache from 210.16.168.165
Jul 14 13:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: input_userauth_request: invalid user apache [preauth]
Jul 14 13:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Failed password for invalid user apache from 210.16.168.165 port 51722 ssh2
Jul 14 13:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Connection closed by 210.16.168.165 port 51722 [preauth]
Jul 14 13:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14584]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14654]: Successful su for rubyman by root
Jul 14 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14654]: + ??? root:rubyman
Jul 14 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784674 of user rubyman.
Jul 14 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14654]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784674.
Jul 14 13:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11815]: pam_unix(cron:session): session closed for user root
Jul 14 13:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14585]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14571]: Failed password for root from 210.16.168.165 port 58032 ssh2
Jul 14 13:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14571]: Connection closed by 210.16.168.165 port 58032 [preauth]
Jul 14 13:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Invalid user nginx from 210.16.168.165
Jul 14 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: input_userauth_request: invalid user nginx [preauth]
Jul 14 13:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13769]: pam_unix(cron:session): session closed for user root
Jul 14 13:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Failed password for invalid user nginx from 210.16.168.165 port 36118 ssh2
Jul 14 13:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Connection closed by 210.16.168.165 port 36118 [preauth]
Jul 14 13:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: Invalid user esuser from 210.16.168.165
Jul 14 13:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: input_userauth_request: invalid user esuser [preauth]
Jul 14 13:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15022]: pam_unix(cron:session): session closed for user root
Jul 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15016]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15083]: Successful su for rubyman by root
Jul 14 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15083]: + ??? root:rubyman
Jul 14 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784679 of user rubyman.
Jul 14 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15083]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784679.
Jul 14 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: Failed password for invalid user esuser from 210.16.168.165 port 42414 ssh2
Jul 14 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15018]: pam_unix(cron:session): session closed for user root
Jul 14 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12232]: pam_unix(cron:session): session closed for user root
Jul 14 13:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15017]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: Connection closed by 210.16.168.165 port 42414 [preauth]
Jul 14 13:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15004]: Failed password for root from 210.16.168.165 port 48740 ssh2
Jul 14 13:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15004]: Connection closed by 210.16.168.165 port 48740 [preauth]
Jul 14 13:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14176]: pam_unix(cron:session): session closed for user root
Jul 14 13:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Invalid user git from 210.16.168.165
Jul 14 13:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: input_userauth_request: invalid user git [preauth]
Jul 14 13:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Failed password for invalid user git from 210.16.168.165 port 55060 ssh2
Jul 14 13:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Connection closed by 210.16.168.165 port 55060 [preauth]
Jul 14 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15460]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15532]: Successful su for rubyman by root
Jul 14 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15532]: + ??? root:rubyman
Jul 14 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784684 of user rubyman.
Jul 14 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15532]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784684.
Jul 14 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12730]: pam_unix(cron:session): session closed for user root
Jul 14 13:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15461]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15708]: Invalid user postgres from 210.16.168.165
Jul 14 13:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15708]: input_userauth_request: invalid user postgres [preauth]
Jul 14 13:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15708]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15708]: Failed password for invalid user postgres from 210.16.168.165 port 33136 ssh2
Jul 14 13:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14587]: pam_unix(cron:session): session closed for user root
Jul 14 13:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15708]: Connection closed by 210.16.168.165 port 33136 [preauth]
Jul 14 13:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Invalid user svnuser from 210.16.168.165
Jul 14 13:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: input_userauth_request: invalid user svnuser [preauth]
Jul 14 13:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Failed password for invalid user svnuser from 210.16.168.165 port 39452 ssh2
Jul 14 13:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Connection closed by 210.16.168.165 port 39452 [preauth]
Jul 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15877]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15945]: Successful su for rubyman by root
Jul 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15945]: + ??? root:rubyman
Jul 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784689 of user rubyman.
Jul 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15945]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784689.
Jul 14 13:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session closed for user root
Jul 14 13:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15878]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: Invalid user dolphinscheduler from 210.16.168.165
Jul 14 13:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jul 14 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: Failed password for invalid user dolphinscheduler from 210.16.168.165 port 45768 ssh2
Jul 14 13:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: Connection closed by 210.16.168.165 port 45768 [preauth]
Jul 14 13:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
Jul 14 13:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: Failed password for root from 102.210.80.6 port 58307 ssh2
Jul 14 13:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: Received disconnect from 102.210.80.6 port 58307:11: Bye Bye [preauth]
Jul 14 13:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: Disconnected from 102.210.80.6 port 58307 [preauth]
Jul 14 13:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15021]: pam_unix(cron:session): session closed for user root
Jul 14 13:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: Failed password for root from 210.16.168.165 port 52070 ssh2
Jul 14 13:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: Connection closed by 210.16.168.165 port 52070 [preauth]
Jul 14 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16348]: Successful su for rubyman by root
Jul 14 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16348]: + ??? root:rubyman
Jul 14 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784693 of user rubyman.
Jul 14 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16348]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784693.
Jul 14 13:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13768]: pam_unix(cron:session): session closed for user root
Jul 14 13:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16286]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: Invalid user plexserver from 210.16.168.165
Jul 14 13:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: input_userauth_request: invalid user plexserver [preauth]
Jul 14 13:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: Failed password for invalid user plexserver from 210.16.168.165 port 58396 ssh2
Jul 14 13:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: Connection closed by 210.16.168.165 port 58396 [preauth]
Jul 14 13:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15463]: pam_unix(cron:session): session closed for user root
Jul 14 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: Invalid user sonar from 210.16.168.165
Jul 14 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: input_userauth_request: invalid user sonar [preauth]
Jul 14 13:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: Failed password for invalid user sonar from 210.16.168.165 port 36478 ssh2
Jul 14 13:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: Connection closed by 210.16.168.165 port 36478 [preauth]
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16757]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Invalid user app from 210.16.168.165
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: input_userauth_request: invalid user app [preauth]
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16818]: Successful su for rubyman by root
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16818]: + ??? root:rubyman
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784696 of user rubyman.
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16818]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784696.
Jul 14 13:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14175]: pam_unix(cron:session): session closed for user root
Jul 14 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16759]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Failed password for invalid user app from 210.16.168.165 port 42788 ssh2
Jul 14 13:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Connection closed by 210.16.168.165 port 42788 [preauth]
Jul 14 13:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Invalid user tools from 210.16.168.165
Jul 14 13:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: input_userauth_request: invalid user tools [preauth]
Jul 14 13:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17115]: Invalid user hive from 45.78.196.59
Jul 14 13:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17115]: input_userauth_request: invalid user hive [preauth]
Jul 14 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17115]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.196.59
Jul 14 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15881]: pam_unix(cron:session): session closed for user root
Jul 14 13:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17115]: Failed password for invalid user hive from 45.78.196.59 port 51510 ssh2
Jul 14 13:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17115]: Connection closed by 45.78.196.59 port 51510 [preauth]
Jul 14 13:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Failed password for invalid user tools from 210.16.168.165 port 49106 ssh2
Jul 14 13:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Connection closed by 210.16.168.165 port 49106 [preauth]
Jul 14 13:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: Invalid user lighthouse from 210.16.168.165
Jul 14 13:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: input_userauth_request: invalid user lighthouse [preauth]
Jul 14 13:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: Connection closed by 45.78.196.59 port 34420 [preauth]
Jul 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17209]: pam_unix(cron:session): session closed for user root
Jul 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17288]: Successful su for rubyman by root
Jul 14 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17288]: + ??? root:rubyman
Jul 14 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784702 of user rubyman.
Jul 14 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17288]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784702.
Jul 14 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: Failed password for invalid user lighthouse from 210.16.168.165 port 55422 ssh2
Jul 14 13:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session closed for user root
Jul 14 13:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17206]: pam_unix(cron:session): session closed for user root
Jul 14 13:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: Connection closed by 210.16.168.165 port 55422 [preauth]
Jul 14 13:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17205]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17527]: User mysql from 210.16.168.165 not allowed because not listed in AllowUsers
Jul 14 13:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17527]: input_userauth_request: invalid user mysql [preauth]
Jul 14 13:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=mysql
Jul 14 13:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17527]: Failed password for invalid user mysql from 210.16.168.165 port 33502 ssh2
Jul 14 13:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16288]: pam_unix(cron:session): session closed for user root
Jul 14 13:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17527]: Connection closed by 210.16.168.165 port 33502 [preauth]
Jul 14 13:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Failed password for root from 210.16.168.165 port 39818 ssh2
Jul 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17685]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Connection closed by 210.16.168.165 port 39818 [preauth]
Jul 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17760]: Successful su for rubyman by root
Jul 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17760]: + ??? root:rubyman
Jul 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784707 of user rubyman.
Jul 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17760]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784707.
Jul 14 13:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15020]: pam_unix(cron:session): session closed for user root
Jul 14 13:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17686]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: Invalid user gpadmin from 210.16.168.165
Jul 14 13:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: input_userauth_request: invalid user gpadmin [preauth]
Jul 14 13:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: Failed password for invalid user gpadmin from 210.16.168.165 port 46130 ssh2
Jul 14 13:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: Connection closed by 210.16.168.165 port 46130 [preauth]
Jul 14 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16761]: pam_unix(cron:session): session closed for user root
Jul 14 13:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18166]: Invalid user oracle from 210.16.168.165
Jul 14 13:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18166]: input_userauth_request: invalid user oracle [preauth]
Jul 14 13:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18166]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18166]: Failed password for invalid user oracle from 210.16.168.165 port 52438 ssh2
Jul 14 13:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18166]: Connection closed by 210.16.168.165 port 52438 [preauth]
Jul 14 13:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18230]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18296]: Successful su for rubyman by root
Jul 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18296]: + ??? root:rubyman
Jul 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784712 of user rubyman.
Jul 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18296]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784712.
Jul 14 13:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15462]: pam_unix(cron:session): session closed for user root
Jul 14 13:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18231]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: Failed password for root from 210.16.168.165 port 58752 ssh2
Jul 14 13:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: Connection closed by 210.16.168.165 port 58752 [preauth]
Jul 14 13:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17208]: pam_unix(cron:session): session closed for user root
Jul 14 13:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: Invalid user www from 210.16.168.165
Jul 14 13:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: input_userauth_request: invalid user www [preauth]
Jul 14 13:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: Failed password for invalid user www from 210.16.168.165 port 36842 ssh2
Jul 14 13:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: Connection closed by 210.16.168.165 port 36842 [preauth]
Jul 14 13:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18678]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18744]: Successful su for rubyman by root
Jul 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18744]: + ??? root:rubyman
Jul 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784716 of user rubyman.
Jul 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18744]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784716.
Jul 14 13:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15879]: pam_unix(cron:session): session closed for user root
Jul 14 13:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18679]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 13:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18673]: Failed password for root from 210.16.168.165 port 43134 ssh2
Jul 14 13:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18673]: Connection closed by 210.16.168.165 port 43134 [preauth]
Jul 14 13:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17688]: pam_unix(cron:session): session closed for user root
Jul 14 13:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: Invalid user oscar from 210.16.168.165
Jul 14 13:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: input_userauth_request: invalid user oscar [preauth]
Jul 14 13:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: Failed password for invalid user oscar from 210.16.168.165 port 49470 ssh2
Jul 14 13:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: Connection closed by 210.16.168.165 port 49470 [preauth]
Jul 14 13:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: Invalid user test from 210.16.168.165
Jul 14 13:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: input_userauth_request: invalid user test [preauth]
Jul 14 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19106]: pam_unix(cron:session): session closed for user p13x
Jul 14 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19166]: Successful su for rubyman by root
Jul 14 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19166]: + ??? root:rubyman
Jul 14 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784719 of user rubyman.
Jul 14 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19166]: pam_unix(su:session): session closed for user rubyman
Jul 14 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784719.
Jul 14 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: Failed password for invalid user test from 210.16.168.165 port 55778 ssh2
Jul 14 13:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16287]: pam_unix(cron:session): session closed for user root
Jul 14 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: Connection closed by 210.16.168.165 port 55778 [preauth]
Jul 14 13:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19107]: pam_unix(cron:session): session closed for user samftp
Jul 14 13:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 13:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: Invalid user admin from 210.16.168.165
Jul 14 13:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: input_userauth_request: invalid user admin [preauth]
Jul 14 13:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 13:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 13:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: Failed password for invalid user admin from 210.16.168.165 port 33866 ssh2
Jul 14 13:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: Connection closed by 210.16.168.165 port 33866 [preauth]
Jul 14 13:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18233]: pam_unix(cron:session): session closed for user root
Jul 14 13:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19532]: pam_unix(cron:session): session closed for user root
Jul 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19528]: pam_unix(cron:session): session closed for user root
Jul 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19525]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19647]: Successful su for rubyman by root
Jul 14 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19647]: + ??? root:rubyman
Jul 14 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784724 of user rubyman.
Jul 14 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19647]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784724.
Jul 14 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19496]: Failed password for root from 210.16.168.165 port 40180 ssh2
Jul 14 14:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16760]: pam_unix(cron:session): session closed for user root
Jul 14 14:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19529]: pam_unix(cron:session): session closed for user root
Jul 14 14:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19496]: Connection closed by 210.16.168.165 port 40180 [preauth]
Jul 14 14:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19526]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: Invalid user app from 210.16.168.165
Jul 14 14:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: input_userauth_request: invalid user app [preauth]
Jul 14 14:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: Failed password for invalid user app from 210.16.168.165 port 46498 ssh2
Jul 14 14:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session closed for user root
Jul 14 14:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: Connection closed by 210.16.168.165 port 46498 [preauth]
Jul 14 14:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: Invalid user elastic from 210.16.168.165
Jul 14 14:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: input_userauth_request: invalid user elastic [preauth]
Jul 14 14:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: Failed password for invalid user elastic from 210.16.168.165 port 52810 ssh2
Jul 14 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20156]: Successful su for rubyman by root
Jul 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20156]: + ??? root:rubyman
Jul 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784729 of user rubyman.
Jul 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20156]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784729.
Jul 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: Connection closed by 210.16.168.165 port 52810 [preauth]
Jul 14 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session closed for user root
Jul 14 14:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19109]: pam_unix(cron:session): session closed for user root
Jul 14 14:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 14:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20382]: Failed password for root from 210.16.168.165 port 59126 ssh2
Jul 14 14:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20382]: Connection closed by 210.16.168.165 port 59126 [preauth]
Jul 14 14:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Invalid user guest from 210.16.168.165
Jul 14 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: input_userauth_request: invalid user guest [preauth]
Jul 14 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20509]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20573]: Successful su for rubyman by root
Jul 14 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20573]: + ??? root:rubyman
Jul 14 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784734 of user rubyman.
Jul 14 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20573]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784734.
Jul 14 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17687]: pam_unix(cron:session): session closed for user root
Jul 14 14:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Failed password for invalid user guest from 210.16.168.165 port 37206 ssh2
Jul 14 14:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Connection closed by 210.16.168.165 port 37206 [preauth]
Jul 14 14:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20510]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19531]: pam_unix(cron:session): session closed for user root
Jul 14 14:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 14:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: Failed password for root from 210.16.168.165 port 43516 ssh2
Jul 14 14:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: Connection closed by 210.16.168.165 port 43516 [preauth]
Jul 14 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20938]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20997]: Successful su for rubyman by root
Jul 14 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20997]: + ??? root:rubyman
Jul 14 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784737 of user rubyman.
Jul 14 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20997]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784737.
Jul 14 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18232]: pam_unix(cron:session): session closed for user root
Jul 14 14:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20939]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: Invalid user sonar from 210.16.168.165
Jul 14 14:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: input_userauth_request: invalid user sonar [preauth]
Jul 14 14:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: Failed password for invalid user sonar from 210.16.168.165 port 49836 ssh2
Jul 14 14:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: Connection closed by 210.16.168.165 port 49836 [preauth]
Jul 14 14:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session closed for user root
Jul 14 14:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: Invalid user jumpserver from 210.16.168.165
Jul 14 14:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: input_userauth_request: invalid user jumpserver [preauth]
Jul 14 14:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: Failed password for invalid user jumpserver from 210.16.168.165 port 56148 ssh2
Jul 14 14:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: Connection closed by 210.16.168.165 port 56148 [preauth]
Jul 14 14:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21384]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21448]: Successful su for rubyman by root
Jul 14 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21448]: + ??? root:rubyman
Jul 14 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784741 of user rubyman.
Jul 14 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21448]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784741.
Jul 14 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21364]: Invalid user tom from 210.16.168.165
Jul 14 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21364]: input_userauth_request: invalid user tom [preauth]
Jul 14 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21364]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18680]: pam_unix(cron:session): session closed for user root
Jul 14 14:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21364]: Failed password for invalid user tom from 210.16.168.165 port 34224 ssh2
Jul 14 14:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21385]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21364]: Connection closed by 210.16.168.165 port 34224 [preauth]
Jul 14 14:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: Failed password for root from 210.16.168.165 port 40544 ssh2
Jul 14 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20513]: pam_unix(cron:session): session closed for user root
Jul 14 14:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: Connection closed by 210.16.168.165 port 40544 [preauth]
Jul 14 14:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22101]: Invalid user git from 210.16.168.165
Jul 14 14:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22101]: input_userauth_request: invalid user git [preauth]
Jul 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22135]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22135]: pam_unix(cron:session): session closed for user root
Jul 14 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22101]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22215]: Successful su for rubyman by root
Jul 14 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22215]: + ??? root:rubyman
Jul 14 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784747 of user rubyman.
Jul 14 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22215]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784747.
Jul 14 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22101]: Failed password for invalid user git from 210.16.168.165 port 46860 ssh2
Jul 14 14:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22130]: pam_unix(cron:session): session closed for user root
Jul 14 14:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19108]: pam_unix(cron:session): session closed for user root
Jul 14 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22101]: Connection closed by 210.16.168.165 port 46860 [preauth]
Jul 14 14:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: Invalid user ranger from 210.16.168.165
Jul 14 14:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: input_userauth_request: invalid user ranger [preauth]
Jul 14 14:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: Failed password for invalid user ranger from 210.16.168.165 port 53170 ssh2
Jul 14 14:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: Connection closed by 210.16.168.165 port 53170 [preauth]
Jul 14 14:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20941]: pam_unix(cron:session): session closed for user root
Jul 14 14:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 14:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22611]: Failed password for root from 210.16.168.165 port 59484 ssh2
Jul 14 14:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22611]: Connection closed by 210.16.168.165 port 59484 [preauth]
Jul 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22674]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22675]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22671]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22748]: Successful su for rubyman by root
Jul 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22748]: + ??? root:rubyman
Jul 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784751 of user rubyman.
Jul 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22748]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784751.
Jul 14 14:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19530]: pam_unix(cron:session): session closed for user root
Jul 14 14:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22672]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Invalid user appuser from 210.16.168.165
Jul 14 14:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: input_userauth_request: invalid user appuser [preauth]
Jul 14 14:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Failed password for invalid user appuser from 210.16.168.165 port 37570 ssh2
Jul 14 14:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Connection closed by 210.16.168.165 port 37570 [preauth]
Jul 14 14:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21387]: pam_unix(cron:session): session closed for user root
Jul 14 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: Invalid user tom from 210.16.168.165
Jul 14 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: input_userauth_request: invalid user tom [preauth]
Jul 14 14:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: Failed password for invalid user tom from 210.16.168.165 port 43880 ssh2
Jul 14 14:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: Connection closed by 210.16.168.165 port 43880 [preauth]
Jul 14 14:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23228]: Successful su for rubyman by root
Jul 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23228]: + ??? root:rubyman
Jul 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784755 of user rubyman.
Jul 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23228]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784755.
Jul 14 14:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20087]: pam_unix(cron:session): session closed for user root
Jul 14 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 14:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23155]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: Failed password for root from 210.16.168.165 port 50196 ssh2
Jul 14 14:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: Connection closed by 210.16.168.165 port 50196 [preauth]
Jul 14 14:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22133]: pam_unix(cron:session): session closed for user root
Jul 14 14:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: Invalid user ubuntu from 210.16.168.165
Jul 14 14:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: input_userauth_request: invalid user ubuntu [preauth]
Jul 14 14:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: Failed password for invalid user ubuntu from 210.16.168.165 port 56512 ssh2
Jul 14 14:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: Connection closed by 210.16.168.165 port 56512 [preauth]
Jul 14 14:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23676]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23739]: Successful su for rubyman by root
Jul 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23739]: + ??? root:rubyman
Jul 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784759 of user rubyman.
Jul 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23739]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784759.
Jul 14 14:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20512]: pam_unix(cron:session): session closed for user root
Jul 14 14:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23665]: Invalid user elsearch from 210.16.168.165
Jul 14 14:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23665]: input_userauth_request: invalid user elsearch [preauth]
Jul 14 14:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23677]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23665]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23665]: Failed password for invalid user elsearch from 210.16.168.165 port 34594 ssh2
Jul 14 14:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23665]: Connection closed by 210.16.168.165 port 34594 [preauth]
Jul 14 14:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: Invalid user nginx from 210.16.168.165
Jul 14 14:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: input_userauth_request: invalid user nginx [preauth]
Jul 14 14:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22675]: pam_unix(cron:session): session closed for user root
Jul 14 14:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: Failed password for invalid user nginx from 210.16.168.165 port 40908 ssh2
Jul 14 14:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: Connection closed by 210.16.168.165 port 40908 [preauth]
Jul 14 14:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Invalid user rancher from 210.16.168.165
Jul 14 14:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: input_userauth_request: invalid user rancher [preauth]
Jul 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24223]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24384]: Successful su for rubyman by root
Jul 14 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24384]: + ??? root:rubyman
Jul 14 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784763 of user rubyman.
Jul 14 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24384]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784763.
Jul 14 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24221]: pam_unix(cron:session): session closed for user root
Jul 14 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Failed password for invalid user rancher from 210.16.168.165 port 47222 ssh2
Jul 14 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20940]: pam_unix(cron:session): session closed for user root
Jul 14 14:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Connection closed by 210.16.168.165 port 47222 [preauth]
Jul 14 14:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24224]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: Invalid user kolby from 80.94.95.15
Jul 14 14:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: input_userauth_request: invalid user kolby [preauth]
Jul 14 14:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 14:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: Failed password for invalid user kolby from 80.94.95.15 port 41298 ssh2
Jul 14 14:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 14:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: Failed password for invalid user kolby from 80.94.95.15 port 41298 ssh2
Jul 14 14:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24623]: Failed password for root from 210.16.168.165 port 53530 ssh2
Jul 14 14:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: Failed password for invalid user kolby from 80.94.95.15 port 41298 ssh2
Jul 14 14:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23157]: pam_unix(cron:session): session closed for user root
Jul 14 14:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: Failed password for invalid user kolby from 80.94.95.15 port 41298 ssh2
Jul 14 14:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24623]: Connection closed by 210.16.168.165 port 53530 [preauth]
Jul 14 14:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: Failed password for invalid user kolby from 80.94.95.15 port 41298 ssh2
Jul 14 14:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: Received disconnect from 80.94.95.15 port 41298:11: Bye [preauth]
Jul 14 14:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: Disconnected from 80.94.95.15 port 41298 [preauth]
Jul 14 14:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.15
Jul 14 14:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: PAM service(sshd) ignoring max retries; 5 > 3
Jul 14 14:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Invalid user rancher from 210.16.168.165
Jul 14 14:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: input_userauth_request: invalid user rancher [preauth]
Jul 14 14:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Failed password for invalid user rancher from 210.16.168.165 port 59848 ssh2
Jul 14 14:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Connection closed by 210.16.168.165 port 59848 [preauth]
Jul 14 14:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24792]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24793]: pam_unix(cron:session): session closed for user root
Jul 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24860]: Successful su for rubyman by root
Jul 14 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24860]: + ??? root:rubyman
Jul 14 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784769 of user rubyman.
Jul 14 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24860]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784769.
Jul 14 14:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24790]: pam_unix(cron:session): session closed for user root
Jul 14 14:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21386]: pam_unix(cron:session): session closed for user root
Jul 14 14:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24789]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: Invalid user es from 210.16.168.165
Jul 14 14:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: input_userauth_request: invalid user es [preauth]
Jul 14 14:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: Failed password for invalid user es from 210.16.168.165 port 37922 ssh2
Jul 14 14:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: Connection closed by 210.16.168.165 port 37922 [preauth]
Jul 14 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23680]: pam_unix(cron:session): session closed for user root
Jul 14 14:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 14:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25153]: Failed password for root from 210.16.168.165 port 44244 ssh2
Jul 14 14:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25153]: Connection closed by 210.16.168.165 port 44244 [preauth]
Jul 14 14:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25246]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25331]: Successful su for rubyman by root
Jul 14 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25331]: + ??? root:rubyman
Jul 14 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784776 of user rubyman.
Jul 14 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25331]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784776.
Jul 14 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22131]: pam_unix(cron:session): session closed for user root
Jul 14 14:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25248]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: Invalid user user from 210.16.168.165
Jul 14 14:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: input_userauth_request: invalid user user [preauth]
Jul 14 14:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: Failed password for invalid user user from 210.16.168.165 port 50560 ssh2
Jul 14 14:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: Connection closed by 210.16.168.165 port 50560 [preauth]
Jul 14 14:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session closed for user root
Jul 14 14:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 14:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Failed password for root from 210.16.168.165 port 56870 ssh2
Jul 14 14:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Connection closed by 210.16.168.165 port 56870 [preauth]
Jul 14 14:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25750]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25747]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25822]: Successful su for rubyman by root
Jul 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25822]: + ??? root:rubyman
Jul 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784778 of user rubyman.
Jul 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25822]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784778.
Jul 14 14:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22674]: pam_unix(cron:session): session closed for user root
Jul 14 14:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: Invalid user uftp from 210.16.168.165
Jul 14 14:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: input_userauth_request: invalid user uftp [preauth]
Jul 14 14:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: Failed password for invalid user uftp from 210.16.168.165 port 34944 ssh2
Jul 14 14:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: Connection closed by 210.16.168.165 port 34944 [preauth]
Jul 14 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: Invalid user data from 210.16.168.165
Jul 14 14:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: input_userauth_request: invalid user data [preauth]
Jul 14 14:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24792]: pam_unix(cron:session): session closed for user root
Jul 14 14:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: Failed password for invalid user data from 210.16.168.165 port 41266 ssh2
Jul 14 14:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: Connection closed by 210.16.168.165 port 41266 [preauth]
Jul 14 14:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: Invalid user bigdata from 210.16.168.165
Jul 14 14:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: input_userauth_request: invalid user bigdata [preauth]
Jul 14 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26205]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26267]: Successful su for rubyman by root
Jul 14 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26267]: + ??? root:rubyman
Jul 14 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784782 of user rubyman.
Jul 14 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26267]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784782.
Jul 14 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23156]: pam_unix(cron:session): session closed for user root
Jul 14 14:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: Failed password for invalid user bigdata from 210.16.168.165 port 47584 ssh2
Jul 14 14:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26206]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: Connection closed by 210.16.168.165 port 47584 [preauth]
Jul 14 14:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Invalid user oracle from 210.16.168.165
Jul 14 14:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: input_userauth_request: invalid user oracle [preauth]
Jul 14 14:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Failed password for invalid user oracle from 210.16.168.165 port 53898 ssh2
Jul 14 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Connection closed by 210.16.168.165 port 53898 [preauth]
Jul 14 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25250]: pam_unix(cron:session): session closed for user root
Jul 14 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26694]: Invalid user plex from 210.16.168.165
Jul 14 14:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26694]: input_userauth_request: invalid user plex [preauth]
Jul 14 14:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26694]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26694]: Failed password for invalid user plex from 210.16.168.165 port 60210 ssh2
Jul 14 14:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26694]: Connection closed by 210.16.168.165 port 60210 [preauth]
Jul 14 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26727]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26809]: Successful su for rubyman by root
Jul 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26809]: + ??? root:rubyman
Jul 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784786 of user rubyman.
Jul 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26809]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784786.
Jul 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26839]: Did not receive identification string from 120.202.149.185
Jul 14 14:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23679]: pam_unix(cron:session): session closed for user root
Jul 14 14:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26728]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Invalid user steam from 210.16.168.165
Jul 14 14:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: input_userauth_request: invalid user steam [preauth]
Jul 14 14:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Failed password for invalid user steam from 210.16.168.165 port 38294 ssh2
Jul 14 14:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Connection closed by 210.16.168.165 port 38294 [preauth]
Jul 14 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25751]: pam_unix(cron:session): session closed for user root
Jul 14 14:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: Invalid user esuser from 210.16.168.165
Jul 14 14:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: input_userauth_request: invalid user esuser [preauth]
Jul 14 14:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: Failed password for invalid user esuser from 210.16.168.165 port 44606 ssh2
Jul 14 14:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: Connection closed by 210.16.168.165 port 44606 [preauth]
Jul 14 14:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27298]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27299]: pam_unix(cron:session): session closed for user root
Jul 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27293]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27435]: Successful su for rubyman by root
Jul 14 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27435]: + ??? root:rubyman
Jul 14 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784791 of user rubyman.
Jul 14 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27435]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784791.
Jul 14 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27295]: pam_unix(cron:session): session closed for user root
Jul 14 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session closed for user root
Jul 14 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27294]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: Invalid user observer from 210.16.168.165
Jul 14 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: input_userauth_request: invalid user observer [preauth]
Jul 14 14:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: Failed password for invalid user observer from 210.16.168.165 port 50918 ssh2
Jul 14 14:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: Connection closed by 210.16.168.165 port 50918 [preauth]
Jul 14 14:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26208]: pam_unix(cron:session): session closed for user root
Jul 14 14:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: Invalid user docker from 210.16.168.165
Jul 14 14:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: input_userauth_request: invalid user docker [preauth]
Jul 14 14:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: Failed password for invalid user docker from 210.16.168.165 port 57236 ssh2
Jul 14 14:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: Connection closed by 210.16.168.165 port 57236 [preauth]
Jul 14 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27890]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27967]: Successful su for rubyman by root
Jul 14 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27967]: + ??? root:rubyman
Jul 14 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784796 of user rubyman.
Jul 14 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27967]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784796.
Jul 14 14:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24791]: pam_unix(cron:session): session closed for user root
Jul 14 14:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27891]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28060]: Invalid user user from 210.16.168.165
Jul 14 14:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28060]: input_userauth_request: invalid user user [preauth]
Jul 14 14:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28060]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28060]: Failed password for invalid user user from 210.16.168.165 port 35316 ssh2
Jul 14 14:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28060]: Connection closed by 210.16.168.165 port 35316 [preauth]
Jul 14 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: fatal: Unable to negotiate with 114.67.80.147 port 60895: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 14:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26730]: pam_unix(cron:session): session closed for user root
Jul 14 14:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28260]: fatal: Unable to negotiate with 114.67.80.147 port 32777: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 14:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: fatal: Unable to negotiate with 114.67.80.147 port 32876: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 14:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: fatal: Unable to negotiate with 114.67.80.147 port 32966: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Jul 14 14:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: Invalid user elastic from 210.16.168.165
Jul 14 14:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: input_userauth_request: invalid user elastic [preauth]
Jul 14 14:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: Failed password for invalid user elastic from 210.16.168.165 port 41632 ssh2
Jul 14 14:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: Connection closed by 210.16.168.165 port 41632 [preauth]
Jul 14 14:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28327]: pam_unix(cron:session): session closed for user root
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28329]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28422]: Successful su for rubyman by root
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28422]: + ??? root:rubyman
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784801 of user rubyman.
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28422]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784801.
Jul 14 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25249]: pam_unix(cron:session): session closed for user root
Jul 14 14:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28330]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: Invalid user oracle from 210.16.168.165
Jul 14 14:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: input_userauth_request: invalid user oracle [preauth]
Jul 14 14:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: Failed password for invalid user oracle from 210.16.168.165 port 47946 ssh2
Jul 14 14:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: Connection closed by 210.16.168.165 port 47946 [preauth]
Jul 14 14:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27298]: pam_unix(cron:session): session closed for user root
Jul 14 14:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28681]: Invalid user postgres from 210.16.168.165
Jul 14 14:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28681]: input_userauth_request: invalid user postgres [preauth]
Jul 14 14:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28681]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28681]: Failed password for invalid user postgres from 210.16.168.165 port 54258 ssh2
Jul 14 14:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28681]: Connection closed by 210.16.168.165 port 54258 [preauth]
Jul 14 14:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28780]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28777]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: Successful su for rubyman by root
Jul 14 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: + ??? root:rubyman
Jul 14 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784805 of user rubyman.
Jul 14 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784805.
Jul 14 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Invalid user ts from 210.16.168.165
Jul 14 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: input_userauth_request: invalid user ts [preauth]
Jul 14 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25750]: pam_unix(cron:session): session closed for user root
Jul 14 14:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Failed password for invalid user ts from 210.16.168.165 port 60572 ssh2
Jul 14 14:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28778]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Connection closed by 210.16.168.165 port 60572 [preauth]
Jul 14 14:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165  user=root
Jul 14 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: Failed password for root from 210.16.168.165 port 38654 ssh2
Jul 14 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27893]: pam_unix(cron:session): session closed for user root
Jul 14 14:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: Connection closed by 210.16.168.165 port 38654 [preauth]
Jul 14 14:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29273]: Invalid user ftpuser from 210.16.168.165
Jul 14 14:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29273]: input_userauth_request: invalid user ftpuser [preauth]
Jul 14 14:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29273]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29294]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29360]: Successful su for rubyman by root
Jul 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29360]: + ??? root:rubyman
Jul 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29273]: Failed password for invalid user ftpuser from 210.16.168.165 port 44970 ssh2
Jul 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784809 of user rubyman.
Jul 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29360]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784809.
Jul 14 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29273]: Connection closed by 210.16.168.165 port 44970 [preauth]
Jul 14 14:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26207]: pam_unix(cron:session): session closed for user root
Jul 14 14:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29295]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: Invalid user test from 210.16.168.165
Jul 14 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: input_userauth_request: invalid user test [preauth]
Jul 14 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: Failed password for invalid user test from 210.16.168.165 port 51284 ssh2
Jul 14 14:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: Connection closed by 210.16.168.165 port 51284 [preauth]
Jul 14 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28332]: pam_unix(cron:session): session closed for user root
Jul 14 14:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Invalid user gitlab from 210.16.168.165
Jul 14 14:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: input_userauth_request: invalid user gitlab [preauth]
Jul 14 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Failed password for invalid user gitlab from 210.16.168.165 port 57598 ssh2
Jul 14 14:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Connection closed by 210.16.168.165 port 57598 [preauth]
Jul 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29744]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29740]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29744]: pam_unix(cron:session): session closed for user root
Jul 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29734]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29807]: Successful su for rubyman by root
Jul 14 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29807]: + ??? root:rubyman
Jul 14 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784815 of user rubyman.
Jul 14 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29807]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784815.
Jul 14 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26729]: pam_unix(cron:session): session closed for user root
Jul 14 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29740]: pam_unix(cron:session): session closed for user root
Jul 14 14:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29735]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: Invalid user guest from 210.16.168.165
Jul 14 14:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: input_userauth_request: invalid user guest [preauth]
Jul 14 14:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: Invalid user admin from 78.128.112.74
Jul 14 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: input_userauth_request: invalid user admin [preauth]
Jul 14 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Jul 14 14:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: Failed password for invalid user guest from 210.16.168.165 port 35680 ssh2
Jul 14 14:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: Failed password for invalid user admin from 78.128.112.74 port 34154 ssh2
Jul 14 14:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: Connection closed by 78.128.112.74 port 34154 [preauth]
Jul 14 14:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: Connection closed by 210.16.168.165 port 35680 [preauth]
Jul 14 14:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28780]: pam_unix(cron:session): session closed for user root
Jul 14 14:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: Invalid user worker from 210.16.168.165
Jul 14 14:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: input_userauth_request: invalid user worker [preauth]
Jul 14 14:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: Failed password for invalid user worker from 210.16.168.165 port 41994 ssh2
Jul 14 14:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: Connection closed by 210.16.168.165 port 41994 [preauth]
Jul 14 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30260]: Successful su for rubyman by root
Jul 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30260]: + ??? root:rubyman
Jul 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784819 of user rubyman.
Jul 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30260]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784819.
Jul 14 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27296]: pam_unix(cron:session): session closed for user root
Jul 14 14:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session closed for user samftp
Jul 14 14:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: Invalid user flask from 210.16.168.165
Jul 14 14:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: input_userauth_request: invalid user flask [preauth]
Jul 14 14:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: Failed password for invalid user flask from 210.16.168.165 port 48304 ssh2
Jul 14 14:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: Connection closed by 210.16.168.165 port 48304 [preauth]
Jul 14 14:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29297]: pam_unix(cron:session): session closed for user root
Jul 14 14:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: Invalid user gpuadmin from 210.16.168.165
Jul 14 14:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: input_userauth_request: invalid user gpuadmin [preauth]
Jul 14 14:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: pam_unix(sshd:auth): check pass; user unknown
Jul 14 14:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.168.165
Jul 14 14:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: Failed password for invalid user gpuadmin from 210.16.168.165 port 54618 ssh2
Jul 14 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: Connection closed by 210.16.168.165 port 54618 [preauth]
Jul 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jul 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jul 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30619]: pam_unix(cron:session): session closed for user p13x
Jul 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jul 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30687]: Successful su for rubyman by root
Jul 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30687]: + ??? root:rubyman
Jul 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jul 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 784824 of user rubyman.
Jul 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30687]: pam_unix(su:session): session closed for user rubyman
Jul 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 784824.